Security : Not Just a Technical Problem

Ask any iGaming CEO for his major operational priorities and chances are security will be towards the top of the list. If pressed for more detail, he may tell you information or hardware security. This industry as a whole learned of a new kind  of high-tech hazard in July of 2004, when it was publicized that Russian Gangsters had been arrested for their role in DOS attacks on several offshore Sports books.

      There is no doubt that the DOS attacks sent a shock wave through the industry. But with such a strong focus on network and telecommunications security, internal or in-house security can often be overlooked. We have all seen spy movies where electronic bugging devices are used to listen into private conversations; however a bug is not just for use against a foreign country’s government. Phil Moriarty is the President of Interglobe Investigation Services, a Vancouver Canada based firm that helps businesses prevent and counter industrial espionage. ‘We uncover a bug in only 1-2% of Counter Surveillance sweeps for clients; then again we have done over 500 of these searches.
Often the bug has been removed by those who placed it before the theft has even been noticed,’ said Mr. Moriarty. Even with a suspicion that there may be a bugging device on the premises, those who call for the search still react strongly after being made aware they are under surveillance. ‘I told one particular company director he had a bug in his office, he was physically sick on the spot ’.

Know your staff

But it is not just bugging devices that harvest company secrets; outright criminal theft is not uncommon in companies. ‘Cases where a competitor will hire a felon to steal specific items from a rival’s office are not unheard of. But it is not just laptops and documents stolen, general office equipment is also taken so the break-in does not look to be targeted. ’  Mr. Moriarty went on to talk about a threat that is a little closer to home. ‘We also recommend that companies, where possible, retain their own cleaners and maintenance staff. This is not always easy in an age of outsourcing, but doing this lends itself to greater internal security. We have had instances where the after-hours cleaners at a large corporation were actually direct employees of a rival firm. The cleaners were sent in specifically to find sensitive information. ’

The mole

‘If you can afford it, install an electronic card entry system and tie it into a surveillance system. This way you will know who is in and out of the premises and at what time. I asked Mr. Moriarty what it is that smaller companies who perhaps don’t have a budget for internal security could do. ‘I would tell them to treat laptop computers and filing cabinets like gold,’ he said. We have installed devices in laptops that act as tracking devices for clients, sometimes when a laptop goes missing we trace it to a competitor’s offices. If you can lock your office door at night then do so, if possible put   your laptop in a locked filing cabinet also. ’

      Sometimes a security threat comes from employees within the same organization. “Seeding” involves placing a competent and experienced employee into a lower level role in a competitors office and is something that Silicon Valley has had to deal with for some years now. Once the seed or plant is granted basic access to the targeted company’s operational tools, it is possible for sensitive information to be quickly acquired, this having two main effects. The first and most obvious is the gain of information for the company doing the spying. This information may allow a product to be quickly improved, give insight into certain operation procedures or it may even allow the company to beat a competitor to market with a similar product. The second effect is the sheer impact on the staff inside company once they have found they are victims of seeding. Often they experience a real deal sense of shock and instruction. The information taken may just be of a business nature, but they may fell that their own personal well being is somehow compromised. The effect on company morale and therefore efficiency can be devastating.

Watch your staff

Here are some examples in which gaming employees in low to mind level roles could garner information. A Customer Service Rep who remembers one email address or one cell phone number per day, will, after a couple of months have garnered information on your most valuable customers or VIPs.
      An Accounts Payable clerk has access to key financial transactions, who you key media partners are and what you pay them and for what,  salaries of key employees, and in some cases operational costs of the company. A Data Base Administrator aside from having access via a simple SQL Query to your entire customers database can access financial transactions and information on 3rd party supplied and proprietary gaming platforms and systems. Any role that involves some  kind of production as part of a new casino game, reporting tool or e-mail / SEO stradgy involves sensitive information.

      Obviously, it is impossible to restrict all information that your employees have access to. A information that your employees have access to. A far better way to manage seeding is from the HR side, by making sure the people that join the firm are who they say they are and by keeping existing employees satisfied in as many areas of their career as possible.
      I spoke with Rob Dowling founding partner of PentAsia, a London England based Recruitment Company. PentAsia specializes in filling vacancies for online gaming companies worldwide from Customer Service reps to Managing Directors. ‘I have encountered many situations in this industry where organizations have hired individuals whom it has later been found have questionable integrity. PentAsia did not place these people let me add: Mr. Dowling said. I asked Mr. Dowling how iGaming companies could make sure a person fills a role for the right reasons.

     ‘My advice for HR managers is to use a thorough and structured interviewing process and a comprehensive reference policy for any and all prospective employees. The later is not always easy, but there are companies that will undertake to reference candidates. In the early days, operators and vendors would have been horrified at the thought of contacting one another to check a candidate’s references. To your HR manager’s favor, as the industry has matured communications between firms has improved immeasurably thereby making it easier to verify a job seeker’s experience and skill set. ’
      Mr. Dowling went on to give advice on doing so. ‘Aim to build a mutually beneficial, trusting and long term partnership with one or two recruitment firms rather than seeking to hire the cheapest or first you find. Partner with a firm that fully understands what you are looking for in an employee and one that naturally values your business. Just as you would expect a recruitment firm to check a candidate’s references, go ahead and check the track recored of any firm you are considering doing business with’.

      Retaining employees is very important, even more so give that iGaming finds itself experiencing a candidate driven labour pool. But simple ongoing HR procedures will help minimize the occurrence of seeding. ‘If organizations are genuinely concerned about the security of sensitive data and the propensity of their staff to defect to the opposition, then staff retention must be addressed. Ensure that staff reviews are held at least every 6 months  and even more often in the first year of employment. It is vital that not only the company views are voiced but also the views of the employee are heard. A happy and contented worker is far less likely to turne traitor.
      When company is planning an overall employee security strategy, it is important to find a balance between protecting the company and its intelligence and maintaining a feeling of trust with the employees themselves. It is said that secrecy breeds suspicion and there is no doubt that this industry has suffered often times due to an attitude of overzealous secrecy. IGaming companies need to take adequate precautions to avoid industrial espionage, while not dampening team spirit nor marginalizing employee creativity and enthusiasm