Protect your data, and prevent corporate espionage

Security services catch Chinese and Russian hackers penetrating Dutch companies online every day. Small companies with valuable business information can also be attractive to eavesdroppers. Find out what the risks of corporate espionage are. And how to limit them.

Veldhoven-based ASML became a victim of corporate espionage (in Dutch) in early 2023. The Chinese government is behind it. It is interested in the chipmaker's technology. An employee in China stole company information.

Major threat

"Corporate espionage from other countries has been a serious threat for years", says researcher Jurriën Hamer of the Rathenau Institute (in Dutch), which researches the impact of technology on society. "Sometimes stealing trade secrets is the goal, for example through eavesdropping. But international criminals that extort companies with ransomware are also a major threat." Each year companies in the EU lose about €60 billion because foreign governments and criminals steal European trade secrets.

Valuable information on the business

Do foreign governments spy on small businesses too? Yes, that is quite possible, Hamer says. "If you have valuable corporate information, you have to be mindful of spying (in Dutch)." Maybe you develop a new crop that is resistant to certain diseases. Or you have a brilliant idea for an app that will change the dating world. That innovative knowledge is of interest to criminals or governments because it could bring in money or an information advantage.

Spyware

Governments and criminals often use spyware for digital eavesdropping. Spyware is software that lets them turn the microphone of your phone, laptop, or tablet on and off without you noticing a thing. It also allows eavesdroppers to read your messages. The 'Pegasus' spyware, which was used to eavesdrop (in Dutch) on the Spanish prime minister, has been found on thousands of phones since 2019. Intelligence services from Saudi Arabia and Kazakhstan, for example, eavesdropped on conversations journalists and lawyers.

Reputational damage

Most spying cases do not make the news. This applies to both internal spying and eavesdropping. Espionage is carried out sneakily, so it often goes unnoticed. "But even businesses that know they have been bugged do not advertise the fact", says Hamer. "It is not easy for a company to say that they have been hacked." Companies fear reputational damage, so they do not always report the hacking."

Is somebody eavesdropping on me?

Given that spying is done secretly, how do you know you are bugged, being eavesdropped on? It is hard to find out. Security consultant Jethro Pijlman of security firm Infinite Risks cites one important clue: "Strangers suddenly know more about your innovative business plans than is possible, for example. If you are sure that no one in your team is leaking information, and you do not discover eavesdropping devices in your business premises during a check, there is a chance that someone is tapping your phone."

Secure your business information

Hamer says we do not need to fear that the Chinese government is spying on us en masse. But his view is that it is still important to secure your valuable trade secrets properly: "In general, cybersecurity is part of running your business well." Use strong, unique passwords, and install antivirus software, for example. That will recognise many forms of spyware.

Suspected spying

Get help if you suspect that eavesdropping is being used to steal your business information. "Contact the National Police, for instance", says Pijlman. "Naturally, it is important that you can then explain why you think you are being bugged, because the police receive thousands of such reports each year."

A little mistrust

To avoid being bugged, a little mistrust is very healthy, Pijlman believes. "If you are discussing important things that really should not be leaked, it is best to behave as if someone is actually eavesdropping on you." So again: put phones away, in the candy jar if necessary. Because if there is no microphone, no one can listen in.

Has your company been bugged, or have you been a victim of corporate espionage? Share your story with kvk.cyber@kvk.nl.