PepsiCo has just won some brownie points with the US authorities by reporting an attempt to sell its rival Coca-Cola’s trade secrets. It seems a junior employee had stolen a phial of a secret new product and attempted to hawk it to Pepsi for $1.5 million. A trap was set, the lady was caught on video camera, and now it’s bonhomie and bubbles between the traditional rivals.

The video cameras are probably the only thing hi-tech about the entire incident. This is apposite. Today, technology lapses are blamed for most security failures. A huge industry has grown up in providing security to companies. Organisations have crippled themselves because the IT department has convinced the often technology-illiterate CEO that Internet access is dangerous. Others are spending huge sums of money to mount defences.

The truth, however, is that security is more a concern of the HR department than IT experts. Sure, viruses, key loggers and the like can break open defences. But the solution is more often awareness.

Take one of the celebrated cases of corporate espionage in recent times. In 2001, Procter & Gamble (P&G) went dumpster diving in the US to ferret out the secrets of rival Unilever. It sounds like a sophisticated technique. What it actually means is that the P&G people went sifting through Unilever’s garbage in search of relevant documents. It’s not new. Earlier, Oracle chief Larry Ellison paid investigators to dig up dirt on Microsoft ? literally.

Where do most of the leakages take place? CSO magazine, a resource for security executives, quotes Jack Nolan, founder of the Phoenix Consulting Group and the man who orchestrated the P&G Dumpster Diving episode. He says ringing up a company and pretending to be a student or a researcher can pay rich dividends. Another tactic: sending someone for a job interview at a rival. Pop the question: What would you expect me to work on here and what are the challenges you can offer that company X cannot? You will get a lot of revealing answers.

Look also at people who have just left the organisation. A lot of secretaries may be the repository of corporate and personal secrets.

“In India, we have both advantages and disadvantages,” says a security analyst. “First, there are not too many corporate secrets. Much of this secret formula business is just bumf. A new Coke or Pepsi product is just carbonated water at the end of the day.”

Second, he continues, if you want a so-called secret, it is always available at a price. In India, corruption and bribery is considered part of the game. Also, you don’t have the urgent need to put everything down on paper. They do this in the West out of the necessity to protect their own backside. Here there are other ways of doing that.

The secrets that leak out can cause embarrassment, not disaster. An ad campaign copying your own expensive effort is launched days before you unveil your extravaganza. A foray into a new market is pre-empted by a rival. “No matter,” says the CEO of a FMCG company. “There is room for all. And, believe me, some of this is stage-managed. Campaigns that would normally have vanished without a trace are given life because of the controversy they create.”

But what about bids for contracts? It may be all hush-hush. But most people do have a good idea of what the others are bidding. You fight on other parameters.

That said and done, some degree of corporate secrecy is necessary. A company of blabbermouths can’t succeed in the long run. But it is for the HR department to try and instil the right culture, not for the IT department to introduce virtual jails.

Transparency International’s

Corruption Perception ranking 2005

1. Iceland
2. Finland
2. New Zealand
4. Denmark
5. Singapore
11. UK
17. USA
78. China
88. India
144. Pakistan

Note: A lower rank implies greater corruption
Source: Transparency International