Workforce Information Security Program™

Keeping "Inside Information" Inside

Be secure on all fronts

Most companies spend significant time and money on physical security with guards, ID badges and surveillance cameras. The IT department worries night and day about network security against hackers who may try to breach the firewall and obtain sensitive files or wreak havoc.

Make no mistake, RivalScape supports good physical and network security one hundred percent. But it is easy to overlook another essential element, a third pillar of security that we find usually falls through the cracks: information security. Information security is all about keeping the valuable proprietary know-how that resides in your workforce right where it belongs – inside the walls of your company.

RivalScape believes it makes little sense to develop an otherwise solid competitive intelligence program that neglects to include a focus on internal information security. It could mean that your company, especially your key knowledge workgroups, are easy targets for your rivals’ collection efforts.

Let information flow – but only where it should

We recognize that your company must remain open and friendly to your customers, prospects, suppliers and other groups with whom you do business. We show you concrete ways to accomplish that essential goal while simultaneously becoming opaque and hard to penetrate by those who should not be getting information from your people.

Is your workforce unwittingly capricious with your firm’s valuable intellectual property? How confident are you that if a “graduate student” or “research firm” calls one of your engineers or marketing people tomorrow asking for “help” on a project, your employee won’t say things they shouldn’t? What they say could easily go straight from your employee’s mouth to your key competitor’s ear. This deceptive practice is called “rusing” and it happens all the time in a wide variety of guises to businesses large and small.

Start with a single point of focus

We always recommend certain general solutions, such as creating an information security focal point in the company, a one-person conduit to receive all outside inquiries that arouse suspicion. However, each client’s information security issues are unique. So we conduct an efficient information security audit that includes interviews with key management and short written surveys of selected employees. Quite often the best ideas for identifying soft targets within your ranks and improving information security come from middle managers and below, the people most likely to observe and be concerned about information leaks on a daily basis.

We then work closely with the person designated as the focal point within the firm to create an ongoing Workforce Information Security Program™ (WISP) that incorporates our general solutions plus strategies and techniques customized to your specific corporate issues. The employee selected to be the WISP focal point becomes, in effect, the counterintelligence officer for your firm. By having all questionable information requests channeled to his or her desk, this person can spot any telling patterns and trends that might emerge.

RivalScape will help you launch the WISP with awareness briefings and employee training. We also provide ongoing consulting to maintain and improve the program, and to help you resolve any critical new information security problems that may arise.