Whilst stories of complex and sophisticated cybercrime continue to dominate headlines, relaying record levels of personal data theft and financial fraud, a far simpler threat is starting to creep into boardrooms, putting the security of the spoken word at serious risk.

Covert eavesdropping is on the rise and businesses aren’t paying attention. As devices become increasingly inexpensive and accessible, fraudsters don’t need the skills of a former MI6 officer to deploy them. In fact, the only ‘skill’ they may need to steal information is to gain access to a wall or under desk socket and simply plug something in.

Go deeper with GlobalData

Premium Insights

The gold standard of business intelligence.

Find out more

When are firms at risk of information theft?

The risk of an organisation becoming a victim of covert eavesdropping increases at certain times, and particularly when timely information can be so valuable to an opponent.

In Financial Services, and in particular banking, the risk lies primarily in the boardroom or any other location where high-level strategy is discussed. Confidential discussions about rates and associated product launches, or even mergers and acquisitions, can be gold dust to a competitor and are extremely risky in the hands of unscrupulous actors. The risk also extends beyond the confines of a firm’s home base or HQ.

Hotel conference facilities, meeting rooms and even private suites are regularly used to hold some of the most confidential and private business conversations. With this comes the inherent threat from the dark side of espionage – the professional corporate eavesdropper. Here it is not uncommon for a professional eavesdropper to plant a cellular based listening device days or even weeks in advance of an off-site pre-arranged meeting. Such a device can be activated at will from anywhere on the planet. Let that sink in – or just ask Gary Lineker! In the majority of cases, many hotel chains’ attitude towards the electronic security of the business meeting spaces they provide is woeful and spaces are often left unlocked after business hours, allowing round-the-clock access by residents or even casual visitors.

Personnel can also be a point of weakness for firms and it is very common for businesses to become the victim of eavesdropping when key personnel are about to leave an organisation or have in fact moved on. A trusted former colleague would have had access to all of the sensitive areas of the organisation, leaving such information vulnerable. This can even include the server room and phone network.

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData
Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

Some organisations feel that because their internal office telephone system is digital or VOIP based they are immune to physical interception or ‘tapping,’ which is unfortunately not true. Most cradle-based desktop handsets contain a conventional microphone and speaker, which can have tiny transmitters placed inside handsets, activated by a motion detector switch. How do they get there? Again, it’s not rocket science – most handsets are simply plugged in to the extendable wire so can be swapped over in seconds.

Danger spots

Listening devices can be commonly secreted into everyday household devices such as lamps, radios, clocks, smoke detectors, plug extension bars, audio visual tech and even ever-present mobile phone chargers. Sorting the innocent from the dangerous takes experience, skill, and a significant investment in technical counter-measures equipment. What about that corporate gift you got at Christmas that now sits on your desk? Just saying…

All persons entering your office space, whether it be staff, cleaners or maintenance workers, unless chaperoned, could in theory gain free reign access to normally sensitive or vulnerable areas of the building. Again, we are specifically talking about boardrooms, senior personnel offices, and conference/meeting facilities.

Covering all bases

Unless firms proactively engage with the issue, it can be very easy to fall into false economy territory. Any technical search team should arrive with at least five or six different pieces of equipment if all risk bases are to be covered. There is no single ‘magic box with flashing lights’ that covers all eventualities. After that is down on hands and knees and up on ladders to complete the physical search.

Many clients have also introduced signal blocking ‘Faraday’ pouches for mobile phones during any roundtable meeting. These ensure that phones cannot be externally communicated with or activated during sensitive discussions.

The home or office is only half the story when assessing eavesdropping risks. Motor vehicles are also increasingly prime targets for the professional and amateur eavesdropper. Bluetooth systems helpfully broadcast both sides of a conversation into the vehicle and can be easily monitored and recorded by ‘buried’ devices. Simply ‘phoning in’ to the vehicle and activating the device from anywhere in the world is now possible with 3/4/5g connectivity, not to mention dash-cams – which listen and record 24/7 on a loop.

The frequency of searches obviously needs to be carefully considered. A ‘clean sweep’ is by its very nature only relevant for that particular moment in time. A common approach is to instruct a thorough check twice annually and ahead of any particularly sensitive or perhaps newsworthy meetings.

There are numerous serious legal consequences when conducting covert eavesdropping on third parties. All individuals under DPA and GDPR principals have a right to the expectation and enjoyment of a private life. Whilst prosecutions under interception of communications and computer misuse regulations are distinctly possible, in reality, much of the information harvested from covert eavesdropping is rarely disclosed verbatim. Rather, the valuable intelligence gathered is quietly used to gain competitive advantage or even to mount a smear campaign. When the gloves come off, anything is possible.

If you don’t look it’s probably fair to say you’ll never know.

Roger Bescoby, Director of Compliance at Conflict International