A chapter on ‘information security’ in D. C. Pathak’s ‘Intelligence: Corporate success and vigilance’ (www.manaspublications.com) opens by acknowledging that in a world ruled by information, what enables one player in business to outsmart another is the knowledge of ideas, processes and technology.
Corporate governance in these times, therefore, requires consolidation of knowledge as an organisational resource, ongoing efforts to protect such information from outside as is warranted by the firm’s strategic decisions, and a clear understanding within the organisation of the business ethics, the author outlines.
In his view, three major areas of vulnerability demand attention, over and above the protection secured under the patent laws. “One is the safe storage of information, the other is the check against any intrusion on the information route, and the third is the adoption of a sound ‘exit policy’ so that there is adequate deterrence on an employee who could, on leaving the firm, think of passing on vital business information of that enterprise to a rival company.”
Pathak advises companies to pay attention to the quantity and type of information that is divulged in media releases, speeches, websites, and other channels of communication such as recruitment advertisements. “Further, the firm must educate its tradeshow personnel on what information is not for public consumption. Sometimes a two-day tradeshow yields as much competitive intelligence as a year-long intelligence gathering.”
At times, it may not be prudent for the company to go for legal action, he notes. “In a legal battle, the company may have to reveal much more than what would be good for its security.”
Security steering group
IT-based enterprises should have a steering group on Internet security, headed directly or indirectly by the MD, the author recommends. He speaks of three important functions for such a group: Lay down the security policy by identifying protected information and defining access to the same; establish a suitably structured security administration and approve the electronic security tools needed by the firm; and monitor implementation of the security policy by examining the periodical security audit reports.
Towards conclusion, Pathak describes the characteristics of enterprises in the age of intelligence. Foremost will be the shift from the hoarding of vast quantity of information to the gathering and developing of quality information.
Second, vital business decisions, as he foresees, will be based on intelligence, rather than on information that is available to everyone. Third, Pathak expects firms to have ‘intelligence innovators’ and not mere knowledge workers as their most valuable assets, to help in developing new lines of business and application of technology.