Competitive intelligence, corporate security and the virtual organization.

As discussed earlier, many corporate personnel are oblivious to CI penetrations and breaches in corporate security. Furthermore, they exhibit a reluctance to report its occurrence (Graham, 1998). Therefore, it is imperative for organizations to routinely mount corporate security penetration exercises using outside experts (Winkler, 1997; Hecht and Murphy, 2000). The use of external consultants with a level of expertise equal to that of CI operatives should expose potential weaknesses common in most corporate security programs (Winkler, 1997). After concluding the audit, non-punitive feedback should be given directly to "targets" of the exercise. Security consultants should then work with these employees to develop recommendations and procedures to reduce the potential for future security breakdowns. Both the employees and security consultants should then jointly present the recommendations to top management. This participatory process may serve to (a) provide an important validation of conclusions reached by the consultants; (b) build an employee coalition supportive of the new security recommendations; and (c) create a corporate culture which recognizes that corporate security requires a multilevel system of empowerment in order to be effective.

C: Computer Security And T: Telecommunications Security

In reviewing Security Magazine's 1999 survey of corporate security executives, Somerson (1999) reports that computer security has been protected through the use of document shredders, lockdown devices, system alarms and password protection software. He also reports that approximately 10 percent of these executives planned to bolster computer security through the installation of biometric reading/scanning technologies as authentication hurdles. These devices authorize computer system/data access based upon matching a potential user' s physiological characteristics against the known characteristics of valid users. These scanning technologies range from fingerprint identification to retinal/iris and voice pattern recognition (Desmarais, 2000; Richards, 1999). For example, the U-Match Mouse (BioLink Technologies) uses a patented fingerprint scanning technology that is incorporated into a conventional 2-button mouse. As individuals attempt to activate a computer system, their fingerprints are scanned and compared against a 5000 byte template that determines whether they are among the authorized user cadre (Businesswire, 2000).

Security management hardware/software (e.g.: COBRA, DCOM, TINA), as well as the installation of updated virus protection and firewalls, have often been used to hinder cyber attacks stemming from port/network scanning and spoofing (Gritzalis, Lladis and Oikonomopoulos, 2000). Encryption technologies can provide defenses against password/packet sniffing and data theft (Schultz, 1999). Additional password security may be instituted through single-use passwords and eliminating passwords subject to compromise through "dictionary programs" (Schultz, 1999; Hecht and Murphy, 2000).

Technological solutions have also been suggested to mitigate CI problems attributable to the electronic monitoring of computer screen emissions and telecommunications systems. The monitoring and reproduction of computer screen emissions can be countered by "hardening" computer systems through use of copper shielding and performing sensitive activities in windowless lead-lined rooms (Ward, 1993; Winkler, 1997; Fitzpatrick, 2000). Finally, the monitoring of corporate telecommunications can be made more cumbersome by (1) routinely sweeping corporate facilities for "bugs"; and (2) requiring sensitive message traffic to be conducted at random time intervals and over telephone exchanges not identified with the targeted firm (Winkler, 1997; Fitzpatrick, 2000). In addressing the first of these recommendations, corporate security experts find that CI operatives often use shift changes to physically penetrate corporate offices/facilities in order to plant surveillance devices. Therefore, the sweeping of offices/facilities should be performed shortly after the organization experiences major influxes and/or departures of personnel (Winkler, 1997; Hecht and Murphy, 2000). Additionally, organizational personnel conducting sensitive message traffic should have their communications restricted to telephone lines not possessing the same 3 digit prefix shared by the majority of the firm's offices/personnel. This creates uncertainty for CI operatives concerning the how, when and where issues associated with bugging and surveillance operations (Winkler, 1997; Fitzpatrick, 2000).

CONCLUSION

Virtual organizations represent a new form of organizational structure designed to enhance competitiveness and strategic flexibility through the extensive use of subcontracting, business partnering, and information technologies. Many of these strategic advantages derive from the ability of the virtual organization to freely exchange information, resources, technologies and ideas across organizational boundaries. On the other hand, the unique features of this organizational form that serve to enhance competitiveness can also result in significant intelligence vulnerabilities and the subsequent loss of strategic advantage. Aggressive counter intelligence programs, such as the FOG-PACT system outlined in this paper, have the potential for reducing competitive intelligence vulnerabilities through (a) heightened personnel security; (b) restrictions in both the access to and use of information technologies; (c) the construction of contracts which restrict the manner in which subcontractors or business partners utilize proprietary information and intellectual properties derived from their association with virtual firms; and (d) the hardening computer/telecommunications systems from hostile penetration and monitoring. However, the techniques designed to enhance corporate security may also pose a significant competitive predicament for virtual firms by restricting their ability to rapidly disseminate information/ideas while benefiting from the creative synergies/capabilities of their business partners. Indeed, one of the key dilemmas facing virtual companies may be balancing this need for openness and creative synergy with basic principles of corporate security.

REFERENCES

American Society for Industrial Security and PricewaterhouseCoopers. (1999). Trends in proprietary information loss. Alexandria, VA: American Society for Industrial Security.

Associated Press. (2000, September 19). O. C. business plus; FBI probing Irvine theft of Qualcomm CEO's laptop. The Los Angeles Times, p. 3.

Associated Press. (2001, March 22). Food worker arrested on corporate espionage charges. Retrieved May 23, 2001, Online: http://www.cnn.com/2001/us/03/22/credit.card.espionage.ap/index.html

Barndt, W. D., Jr. (1994). User-directed competitive intelligence. Westport, CN: Quorum Books.

Barron, J. (1985). KGB today: The hidden hand. New York: Berkley Books.

Boni, W. C. (1999). Protecting high tech trade secrets. In M. Krause and H. Tipton (Eds.), Handbook of Information Security Management 1999 (pp. 465-479). Boca Rato n, FL: Auerbach.

Businesswire. (2000, October 11). New software offering for biometrically enhanced security provides unmatched level of privacy. Retrieved October 11, 2000 from the World Wide Web: http://www.businesswire.com.

Byrne, J. (1993, February 8). The virtual corporation. Business Week, 98-102.

Carr, C., Furniss, J. and Morton, J. (2000, March). Complying with the economic espionage act. Risk Management,47(3), 21-24.

Christie, P. M. J., and Levary, R. R. (1998, July/August). Virtual corporations: Recipe for success. Industrial Management, 40(4), 7-11.

Cringely, B.(Writer) and Sen, P. (Director). (1996). Triumph of the Nerds. New York: Ambrose Video Publishing, Inc.

Dabholkar, P. A. and Neeley, S. M. (1998). Managing interdependency: A taxonomy for business-to-business relationships. Journal of Business and Industrial Marketing, 13(6), 439-460.

Demarais, N. (2000). Body language, security and e-commerce. Library HiTech, 18(1), 61-74.

Dickerson; C. M. (1998, January). Virtual organizations: From dominance to opportunism. New Zealand Journal of Industrial Relations, 35-46.

Edwards, C. (2000, July 2). Corporate spying becomes standard: More companies use hacking, bribery to stay ahead of competitors. Detroit News, p. 2.

Federal Bureau of Investigation. (2001). FBI--Awareness of National Security Issues and Response (ANSIR) Program. Retrieved May 23, 2001, Online: http://www.fbi.gov/hq/nsd/ansir/ansir.htm

Fitzpatrick, W. M. (2000). Strategic management and decision making: Creating and maintaining competitive advantage (3rd edition). New York: McGraw-Hill, Primis.

Fitzpatrick, W. M. and Burke, D. R. (2000a, Summer). Form, functions and financial performance realities for the virtual organization. SAM Advanced Management Journal 65(3), 13-20.

Fitzpatrick, W. M. and Burke, D. R. (2000b). Virtual partnering for transactional and relational competitive advantage. Journal of Global Competitiveness 8(1), 1-20.

Freeh, L. J. (1998, Janruary 28). Threats to U. S. national security. Testimony before the Senate Select Committee on Intelligence, Washington, D.C.: Author. Retrieved May 23, 2001, Online: http//www.fbi.gov/congress/congress98/threats.htm

Fuld, L. M. (1985). Competitive intelligence: how to get it--ho w to use it. New York: John S. Wiley and Sons.

Galbraith, J. R. (1995). Designing organizations. San Francisco, CA: Jossey-Bass.