What to do if you suspect your organisation is being targeted by technical surveillance

Many workplaces have been empty over the past 15 months and it’s important to make sure that staff can return safely and securely. Part of making sure the office is safe is being aware of the risk of eavesdropping.

It is harder than ever to find hidden devices, like microphones or cameras, that are listening into your conversations. It’s crucial to know what to look out for, and what to do if you are worried.

When you notice something is wrong

There are several things you might notice that suggests something is wrong.

• Has something physically changed in your workplace without explanation?
• Has an apparently private conversation been alluded to by a competitor or contact?
• Is there a recurring fault with a technical system like an alarm, telephone or IT system which cannot be explained or fixed?

If you are concerned, you should immediately stop having sensitive conversations in the space. Apart from this you should try to behave normally, so that the attackers will not know they have been discovered.

Tell your security department

You should inform your organisation’s security team as soon as possible, but do not use the location or devices you think are being targeted. This may mean talking to them in person in a different area.

Before going to speak to the team, note the reasons that you are suspicious. Recording as much information as possible will help a Technical Security professional investigate.

Remember, there is no such thing as a silly report. Many technical attacks are discovered as a result of seemingly innocuous but unexplainable events being properly reported.

What will the professionals do?

Your organisation’s Technical Security professionals will contact other organisations, such as cyber security professionals or subject matter experts like UK NACE. These organisations will comprehensively investigate your concerns.

They may use specialist technical search equipment, analysis of logs and records from technical systems or interview people to establish whether further action needs to be taken. You may not be told the outcome of the investigation immediately, but all information will be taken seriously and investigated.

What should I do during the investigation?

You should not discuss your concerns in the potentially compromised workspace, even as a joke. You should not discuss the security incident with anyone outside of your team either.

Your technical security professional will let you know when it is safe to talk about sensitive information in your work area again.

What if I find a device?

In the highly unlikely situation that you physically discover what you believe to be a technical attack, you should immediately inform your organisation’s security team. Do not touch or remove the item. If it is safe to do so, you should stay with the discovery until a Technical Security Professional arrives.

If you discover an eavesdropping device in a private setting, you should inform your local police force on 101, who will inform UK NACE.