Risk Management Report | Insurance Claims Investigation

 Due  Diligence Asset  Tracing | Employment  Verification 

Background Check | Polygraph Service | Fraud Investigation


Office Security Audit  

With the development of the market economy, the competition is becoming more and more furious. In pursuing profits, various unfair competitive methods emerge endlessly, such as invading others’ business information security, stealing business secrets, destroying data and etc. Those are serious threats to business information security. Furthermore, due to the rapid development of science and technology and the popularization of network, the means of invading business information security not only increase surprisingly, but also become more and more covert, which result in serious loss. At the same time, in modern e-business management operation and trading mode, the business secrets are easier to be invaded. The alarm of business information security is raised.

Currently, the threat to business information security, which was resulted from office security is in various forms, and mainly includes two aspects: 

One is wiretapping, which refers to the actions of obtaining others’ business information to attain profits illegally through wiretap. Along with the development of science and technology, wiretapping is beyond the concept of eavesdropping nearby or through telephone, and is developing into wiretapping linguistic information, data and written or video information by advanced equipments and means.

In the process of wiretapping detection, we have found many different methods of wiretapping, mainly including: taping the internal program-controlled telephone of the company, setting miniature camera or record machine in offices, monitoring the fax system, and wiretapping the cell phones of senior management personnel. Through wiretapping detection, we found that most of wiretaps are nonlinear node devices. What we concern is that no company or individual adopted any anti-eavesdrop detection devices to prevent the business secrets from being divulged, disclosed, and revealed.  

Secondly, the information is stolen or destroyed by hacker inbreak through Internet. Business information mainly includes storage data of core technology, important clients, daily business mails and etc. The forms of hacker inbreak are various, such as obtaining information by entering the mailbox or local area network, deleting important data or illegally attacking the network of companies.

According to the first national information network security survey conducted by the Ministry of Public Security and China Computer Federation in 2003, information network security accidents had happened in 4,057 companies out of 7,072 companies, which account for 58% of the total. Among 7,072 companies, 22% companies only had experienced the information security accident for once, 13% companies for twice, and 23% companies for three times or even more. Now, the figures are increasing with the development of Internet and are much more alarming in foreign countries and the developed regions in China.

The serious threat to business information security provides broad developing space for business information security service. Under such circumstance, Office Security Audit comes forth, which is a new style business security service, as the times require.

Business information security services of anti-wiretapping detection has been already developing in foreign countries, mainly in USA and Europe, such as CCS and SITG (Security Intelligence Technologies Corporation), which have had fairly business scale and fame. In Japan, the industry related to business information security has developed as well.

In China, business information security service lagged behind a lot. There are only a few professional companies provided business security inspection service, such as CNNS. Most of the companies are science and technology companies, which are engaged in development, production, and sale of security inspection and wiretapping detection equipment and provide low-tech, low-cost products, like portable mini-type equipment for anti-wiretap or anti-candid, which are also called detective dogs. There are rare companies providing systematical and comprehensive services of anti-eavesdropping detection, and wiretapping detection. Therefore, many of the business companies cannot obtain the approach of anti-wiretapping and Internet checking.

It is worthwhile to mention that compared with anti-eavesdropping detection and business information security inspection services, there are a large number of companies providing products of the opposite services, such as wiretapping devices, services of monitoring or entering into other computers. From another point of view, the existence of above companies and manufacturers are caused by the tendency of searching for the business secrets to win the furious business competition regardless of means. Under such circumstances, the implementation of Office Security Audit is an urgent need.

In the implementation of Office Security Audit, the main precaution methods are Internet security checking and wiretapping detection. As for Internet security checking, we will not explain in detail here, because there are sophisticated Internet security companies in China. The focus here is the precaution method of anti-wiretapping detection.

First of all, the forms of wiretapping detection are office equipments security detection, indoors dictograph detection and so on.

Secondly, companies should improve their communications system, like telephone and fax. The communications system of confidential departments should be consisted of two separate systems, an interior phone line system and an exterior phone line system. As the two systems are disconnected, the exterior wiretapping is not effective while the interior phone line is in use. The call on exterior phone can be done through special communication equipments or exchanged by operators. At the same time, it will be much safer for the communication through telephone by conducting telephone security detection and anti-wiretapping detection.

Thirdly, special inspection should be conducted prior to important meetings in order to know whether there are dictograph devices or not. Companies may purchase devices of anti-wiretap or interfering wiretap in order to discover wiretappings in time or make the wiretappings not work. Based on the development of technology, equipment and methods of wiretapping, the wiretapping detections mainly aim at nonlinear node devices. Such nonlinear node devices are usually placed in offices. So to conduct wiretapping detections in offices is a main measure of business secrets protection and an effective way of wiretap and dictograph prevention.

Last but not least, there are different sorts of wiretapping detections, including regular detection, irregular detection and special detection.

Companies should make security detection plan with the guidance of the companies, which provide professional security services. According to experience of Steele, regular detection should be conducted once a quarter. At the same time, the irregular detection and special detection of the key departments and work places (meeting room, offices of decision-making person and etc) should be taken into consideration.

In China, there is saying that harbor is no ill intention against others, but never relax vigilance against evildoers. Now the economy develops rapidly and the competition is fierce, but the laws and regulations remain to be perfected. Office Security Audit is becoming the measure of maintaining the company’s development and business security.

       Previous        Back       Next