Is Someone Stealing Your Company’s Secrets?
Corporate espionage has long been a threat for U.S. companies. Recently, intellectual property theft by foreign governments and organized crime gangs has grabbed headlines — for good reason. According to the U.S. Justice Department, 80% of its economic espionage prosecutions target schemes that would benefit China. Yet for most businesses, the threat comes from employees and former employees who take advantage of lax environments with few internal controls.
The problem . . . and a solution
Employees with access to trade secrets may take that information with them when they leave your company for another job — or pad their paychecks by selling it to your competitors while still employed. As with all types of fraud, workers are more likely to participate in corporate espionage if they’re unhappy in the job (motive), have access to sensitive information (opportunity) and can mentally excuse the act (rationalization). For example, thieves may rationalize selling IP because they feel underpaid and that they “deserve” the fraud proceeds.
You can reduce espionage risk from unethical employees by first identifying information that should be secured. New technology and market strategies are clearly sensitive. But customer complaints or component purchasing data may also be valuable to your competitors. Think about which competitors would benefit from what information.
Then determine how much of your sensitive information is at risk and where the vulnerabilities lie. Passwords, firewalls and other security measures are critical to protecting data, but they aren’t invulnerable. You also need to consider who has access to confidential information and how your business processes drive how the information is used.
The last step is to develop a security policy that considers your business methods, potential external weaknesses and staffing patterns. Revisit the plan periodically as your business and competitors change.
Stop loose lips from sinking ships
Be sure to educate employees about the threat of corporate espionage and let them know how to report suspicious activity such as people asking for details about their jobs. Emphasize that secrets can be revealed inadvertently.
For example, a software developer may agree to help a “student” with her research, or an operations manager may participate in a “customer satisfaction survey” by a manufacturer. Employees also need to watch what they discuss with coworkers in public places such as lunch spots and after-hours bars. They never know who’s eavesdropping.
Of course, not all research into your company is illegal. Public documents such as Federal Communications Commission and regulatory filings, content on your website and published articles on your company can give an experienced business analyst a fairly accurate idea of what you’re doing. Actual corporate espionage involves theft of information that hasn’t been made public.
Actual threats
Although your business should put most of its anti-espionage resources into preventing employees from stealing IP and selling it to competitors, actual threats may vary according to your industry or products. The IP of defense contractors and technology companies, for example, may be attractive to foreign states.
(This is Blog Post #1114)