Skip to content
Toro Insights

TSCM – What is it & why it’s more important than ever before…

Toggle

Picture this: you're in your boardroom, discussing confidential matters with your team, unaware that a hidden camera and a miniature microphone has been concealed and is capturing every word said.

If this information was then shared what damage would this do to your business, your brand, your employees, and your clients?

In today’s interconnected world, where information is power, safeguarding sensitive data and confidential conversations has become increasingly vital and more difficult.

As technology advances, so do the methods of covert eavesdropping and monitoring. Hidden cameras and miniature microphones, easily concealed within everyday objects, pose a significant risk to privacy, whether in corporate boardrooms, government offices, or personal spaces.

So how can you prevent this?

Technical Surveillance Countermeasures (TSCM), commonly known as bug sweeping, can be traced back to the Cold War era, where intelligence agencies utilised various techniques to detect and counter electronic surveillance. Over the years, TSCM has evolved and is now an essential part of corporate security programmes.

This blog discusses what TSCM includes, when you should consider it and why at Toro, we believe it’s more important than ever before.

What is it?

Technical Surveillance Countermeasures (TSCM) is an inspection of an area using technical and physical equipment and techniques to detect eavesdropping devices and vulnerabilities that could lead to an information and data breach. TSCM is often referred to as ‘bug sweeping’.  

What’s the purpose?

TSCM services are employed to detect electronic eavesdropping devices that are used to obtain information on an individual or organisation without their permission or knowledge. Most often, these devices are hard to detect, and their presence is not known by the persons who they are collecting information on.

When should it be done?

TSCM should not be seen as a reactive security measure; it should be a proactive investment built into your corporate security plan.

Regular bug sweeps should be conducted and it's critical to conduct the activity around any of these events:

  • When you have reason to believe surveillance activities are being undertaken on you, your businesses, business partners or staff.
  • Before a meeting where an information leak is likely to result in undesirable and consequential outcomes.
  • Following an event such as an office refurbishment which enables a threat actor to access and deploy surveillance devices more easily.

Why is the threat greater than ever?

Technology is advancing every day, and this has fuelled the development of covert eavesdropping devices, equipped with longer-lasting batteries and improved concealability. These devices, leveraging GSM technology, can be easily obtained from online retailers, can be disguised as everyday objects, and easily deployed, making detection extremely difficult. Eavesdropping is no longer limited to sophisticated threat actors, but to anyone with the motivation and willingness to act nefariously.

Who is likely to eavesdrop?

The motives for surveillance can be far reaching but typically fall into the acronym MICE – Money, Ideology, Compromise/ Coercion or Extortion or Ego and will be conducted by the likes of business competitors, organised crime groups, disgruntled employees or former partners, and landlords.

Over the last few years, we have also seen a large increase in insider threats. Reports show a 74% increase in insider attacks and 60% of organisations falling victim to at least one attack. The total average cost of insider threat incidents has increased by nearly 95% between 2018 and 2023 (Ponemon Institute.)

How is it done?

Many businesses implement their own TSCM physical search team however whilst these capabilities provide a good deterrence the ability to detect the full range of electronic eavesdropping devices is limited and therefore, we’d recommend investing in an external specialist TSCM team.

TSCM teams are experts in security, communications, and surveillance with a background in electronic surveillance and telecommunications.

Using a range of specialist equipment’s TSCM teams can detect the full range of electronic eavesdropping devices. This equipment detects transmitting (active) and non-transmitting (passive) devices.

TSCM inspections will involve spectral searches, structured cabling searches and physical searches of the inspection area and the teams will use the range of search equipment’s and techniques in a coordinated manner to ensure the area is thoroughly searched.  

What are the devices used?

Electronic eavesdropping devices come in varied forms but generally fall into the following categories: Audio, video, tracking and data. Devices can be transmitting and non-transmitting.

These devices can be discreetly placed in various locations, including behind paintings or mirrors, within appliances or cabling, or under desks and flooring. Surveillance can also occur from nearby buildings with a direct line of sight to the target area.

How can you further protect yourself?

Creating a TSCM needs assessment and ensuring sweeps are undertaken when you are most at risk of a data leak, such as prior to and/ or during a highly confidential meeting. Undertaking regular sweeps should also be an essential part of your security corporate programme as these periodic checks will help ensure your ongoing protection against potential surveillance threats. The frequency of these sweeps should be tailored to your organisations risk profile, industry, and specific requirements.

There are other additional measures that you can put in place to help further reduce your risk. We’d recommend that within your office you provide designated and secure rooms which are afforded greater protection. We’d recommend not allowing staff to take their own personal electronic devices into meetings and do not allow any electronic devices into highly sensitive and confidential meetings. We’d also recommend closing blinds and shielding windows from external viewing when displaying and discussing confidential information.

It’s also important to not discuss confidential information in vehicles, hotel rooms and holiday lets, and be aware of what and who can see your computer screen. Also, use your own cables outside of your workspace.

For TSCM to be truly successful you need to build it into a broader security improvement programme that includes physical security, cyber security, and your people and aligns your security initiatives with your business goals. TSCM shouldn’t just be about the sweep, but part of a wider security programme of identifying vulnerability and educating people in your information security controls.

Lastly remember ongoing monitoring is crucial. TSCM isn't a one-and-done deal; it’s an ongoing critical tool in protecting privacy, confidentiality, and sensitive information in a time of pervasive surveillance threats.

If you are interested in how Toro can support, please get in touch.

 

  1. https://www.helpnetsecurity.com/2023/01/30/detect-insider-attacks/