What is counterespionage?
Counterespionage is the practice of detecting, preventing and defeating attempts to obtain confidential information without authorisation, whether technical, human or behavioural.
Read the full explanation.
What is the difference between counterespionage and counterintelligence?
Counterespionage is the active work of defeating a specific espionage threat; counterintelligence is the broader, strategic effort to understand and degrade an adversary's capabilities.
More on the distinctions.
Is counterespionage only relevant to governments?
No. Any organisation whose information has value can be a target. Corporate espionage, insider threat and surveillance are commercial realities for businesses, executives and legal teams.
What is TSCM, or a bug sweep?
TSCM stands for Technical Surveillance Countermeasures: the systematic inspection of a space for covert surveillance devices and the vulnerabilities that allow them.
How TSCM works.
How do I know if I am being bugged?
Suspicion often arises when confidential information appears to have leaked. Consumer detectors are unreliable, so the sound response is a professional TSCM inspection rather than self-diagnosis.
Can I do a bug sweep myself with a detector?
In practice, no. Modern devices may transmit intermittently, sit dormant, operate outside consumer detector ranges, or hide inside legitimate equipment. Professional TSCM relies on methodology and calibrated equipment, not a single gadget.
What is an insider threat?
An insider threat is the risk that someone with legitimate access, an employee, contractor or partner, misuses it to cause harm. Most insider harm is opportunistic rather than premeditated.
More on insider threat.
How do you reduce insider risk?
The most powerful lever is culture. A workplace where people feel heard and treated fairly removes much of the fuel for opportunistic harm. Understanding how staff genuinely feel, then improving culture, awareness and participation, does more than monitoring alone.
Can behaviour really reveal deception?
Behaviour can indicate that something warrants a closer look, but only in context. No single behaviour is a reliable tell. Responsible behavioural intelligence identifies inconsistencies and informs judgement; it does not claim certainty.
More on behavioural intelligence.
What is corporate espionage and how common is it?
Corporate espionage is the covert acquisition of a business's confidential information for commercial advantage. It is more common and more mundane than its reputation suggests, and frequently internal.
More on corporate espionage.
How is espionage different from a data breach?
A data breach is typically a cyber event involving systems and data. Espionage is broader, encompassing technical surveillance, human sources and behavioural methods, and is often aimed at specific information or decisions.
Why are executives and boardrooms a particular target?
Senior leaders hold and discuss the most sensitive information, and operate under pressure that erodes caution. This concentrates risk where a compromise does the most damage.
Executive and boardroom security.
Do I need a specialist, or can I manage this internally?
Internal awareness is valuable and worth building. But technical detection and sensitive investigations require methodology, equipment and independence that are difficult to replicate in-house. The two work best together.
How do I choose a counterespionage or TSCM provider?
Verify their claims rather than taking them on trust: ask for referrals from comparable clients, check company history and credentials, confirm any government work against public tender records, and run a background check given the access involved.
A full guide to choosing a provider and avoiding charlatans.
How can I check if a provider really works with government?
In Australia, government contracts and tenders are commonly published, so claims of government work can usually be verified through public tender and gazette records rather than taken on trust.
More on vetting a provider.
How do I know if my phone is bugged?
Most everyday signs people attribute to a bugged phone have ordinary explanations, and detection apps are unreliable. Genuine device risk is real but situational. If you have specific cause for concern, seek a professional assessment rather than self-diagnosing.
More on phone and device surveillance.
Isn't cyber security enough to protect our information?
No. Cyber security protects information inside your systems, but much of your most sensitive information is spoken in rooms, carried by people, or exposed through devices, none of which cyber controls reach.
Why information security must be holistic.
Who is behind this site?
It is maintained by Julian Claxton and Jayde Consulting, the people who do this work day to day.
More about the site.