Wiretapping Is a Threat to Small Businesses -- Here's How to Protect Yourself
Wiretapping is serious business, and it's unwise to bank on the idea that it won't happen to you.
If you've paid any attention to the news lately, you've probably heard about President Donald Trump's explosive claim that former President Barack Obama wiretapped his phones at Trump Tower to interfere with the election. Although the conversations around security concerns have been centered on the political sphere recently, wiretapping and other types of cyberattacks have solidified their presence in the private sector, too.
Using spyware and other illegal surveillance tactics, crooked business owners can hack into competitors' computers or phones to steal information. While it may sound more like a “Bond” movie trope than a pressing business issue, there are plenty of reasons why you should consider the possibility of a wiretapping attack.
Why business owners should be concerned.
There are two different types of wiretapping threats that can harm startups and established businesses alike -- especially if they house proprietary, confidential information.
First, there's government wiretapping. You might assume the simplest way to eliminate this threat is to abide by the law, but you’d be forgetting that, aside from the U.S. government, there are plenty of countries that have proven they’re willing to use Big Brother-style surveillance tactics to compromise private companies. If you work with an opposition party or in a sensitive industry in another country, your client’s government might target your business.
Then, there's old-fashioned corporate espionage. If a competing company is desperate to get an edge over your business, it may use wiretapping to steal your information or otherwise compromise your company to gain an advantage.
Unfortunately, it doesn't take a computer genius to obtain wiretapping software -- a reporter for Motherboard bought one online for just $170. One program allows hackers to send a single text message to anyone's phone and activate the microphone, transforming your smartphone into a way for spies to eavesdrop on everything you're doing. Similar software can track every text message a phone sends or receives, download copies of all photos taken, store a log of every phone call and even pinpoint the phone's geographic location.
Protecting your company from wiretapping.
Luckily, there are legal protections in place should hackers target your business. The Computer Fraud and Abuse Act prescribes up to 10 years behind bars for illegally accessing someone's phone to install wiretapping software. Illegally tapping a landline is punishable by hefty fines and up to five years in prison, according to the Electronic Communications Privacy Act.
But wiretapping is serious business, and it's unwise to bank on the idea that it won't happen to you. Instead, there are a few ways to protect your company from a security risk:
1. Beef up your IT infrastructure.
A CSID survey found that 58 percent of small business owners say they're concerned about cyberattacks, yet more than half of them aren't putting any money toward improving security measures. This is incredibly risky. According to a Symantec report, small businesses were the target of 43 percent of cyberattacks in 2015. When clients and customers trust you with their personal information, it's your duty to protect them in every way you can.
At the very least, take the time to install software updates in a timely manner. Just this month, tens of thousands of computers in 74 countries fell victim to a ransomware attack that locked businesses, organizations and even hospitals out of vital information, as reported by WIRED. While the perpetrators behind the attacks are unknown, the method of their attack is -- and it was entirely preventable. The attackers used a piece of malware called WannaCry to exploit a flaw in Windows that Microsoft released a patch for back in March.
2. Investigate anyone with access to your vital data.
Many business owners are blindsided by cyberattacks -- even if the perpetrator was right under their nose the entire time.
According to an IRS report, a Kansas City, Kansas, company recently experienced a nightmare situation in which one of its employees, Kenneth Voboril, embezzled more than $6 million. He did so by creating fake companies, entering false information about truck loads and deliveries into his employer's database and then billing his employer for those fake deliveries. Voboril was ultimately sentenced to 63 months in prison, but that didn’t negate the harmful implications of his misdeeds.
Although most cases of corporate fraud don't result in losses amounting to $6 million, it can be incredibly expensive for your business to clean up one of these disasters. Small Business Trends analyzed a variety of cybersecurity statistics and found that the average small business spends nearly $900,000 because of theft or damage to its IT infrastructure. On top of that, it typically loses more than $950,000 from the resulting disruption of operations.
The good news is that it's relatively easy to find out whether a suspicious employee or someone else close to your business is defrauding you. Hiring a private investigator is far easier on the wallet than nearly $2 million in damage control. My company has found that investigators typically charge between $70 and $200 per hour, and the average cost to close a case came to $675.
3. Establish data security policies for your company.
Sometimes, fraud is purely accidental, committed by employees who don't realize the impact of their actions. For example, new hires may not even be aware that some information is confidential and could end up revealing proprietary info to someone with the power to take advantage of your company. But there are also not-so-innocent situations, when departing employees start competing businesses and leave behind wiretapping tools to take advantage of their former employers.
This is relatively common in the corporate world. Waymo, the autonomous car unit of Alphabet, recently filed a lawsuit against former employee Anthony Levandowski. The company claims that Levandowski stole trade secrets when he left to start Otto, a self-driving truck company that was later bought by Uber. Furthermore, Waymo also alleges that other former employees who left for Otto and Uber downloaded and stole sensitive files from the company.
Create clear policies that explicitly state what is and isn’t confidential information, and outline the ramifications for violating them in employment contracts. Spend time educating your employees about types of suspicious activity, too. As a result, you’ll help prevent your business’s trade secrets from landing in the wrong hands.
Wiretapping, fraud and other forms of illegal surveillance may sound like things that only happen in the movies, but they're very real problems that affect small businesses every day. So take the necessary precautions to protect yourself against this risk -- you won’t regret it.
Danny Boice is the co-founder and CEO of Trustify, providing private investigators on demand. Danny founded Trustify out of his passion for truth, trust and safety — especially with vulnerable populations such as children and the elderly. Danny and his wife, Trustify co-founder and president Jennifer Mellon, lead Trustify's charitable giving by providing pro bono investigative and protective services to vulnerable populations such as missing and exploited children, domestic violence survivors, those in the foster care and adoption system, aging Americans and more.