Since the downturn in the economy and the rise of layoffs nationwide, intellectual property theft is soaring.
Businesses surveyed by McAfee Inc. showed that companies worldwide lost an average of $4.6 million worth of intellectual property in 2008. Of the 1,000 companies surveyed, 42 percent said laid-off employees were the single biggest threat to their intellectual property and other sensitive data.
Intellectual property is a broad term that includes a company’s trademarks, patents, copyrights and trade secrets. While misappropriation of intellectual property continues to rise rapidly in the technology and biotech industries, any company that has valuable information can be a target and take steps to protect its intellectual property. Businesses that are growing fast or shrinking fast are considered most vulnerable.
The cost of dealing with cyber crime increased 56 percent in 2011 according to PC Magazine. Costs include detection, protection, containment and recovery. Companies also often have to pay extra for consumer compensation.
In recent years, intellectual property and sensitive data have become a currency for financially desperate or laid-off employees. Crime can be easily committed with a thumb drive or online account.
According to the report by McAfee, employees who steal data do so in some cases for financial gain. But for others, it’s a way to market themselves with the competition. Employees who fear layoffs may use sensitive data to seek backup jobs with competitors, hoping to secure a new job offer with existing knowledge or data from their current employer.
While companies are usually more concerned about network security and someone “hacking in” to the security system, their worst potential risk is their own employees because they are already in the network. But the public rarely hears about these cases. Ninety percent of cases are settled before reaching the court. Any company with an important trade secret does not want to be in court for the information to be public for any reason.
As misappropriation of intellectual property continues to rise, companies are seeking the latest strategies to protect themselves from computer crime. Companies usually begin the cyber crime process when the employer already has definitive proof of a crime, but the majority of the damage has already been done.
In May, the White House unveiled a cyber security proposal it hopes Congress will use as a framework for legislation. Among other things, the plan includes national data breach reporting, increased penalties for computer crimes, rules that would let the private sector coordinate with the Department of Homeland Security on cyber security issues and cyber security audits for critical infrastructure providers.
With cyber crime losses in the billions annually, companies must begin to face the threat internally and focus on how to handle the problem before it arises. Many new technologies are being developed to protect companies at all levels with easy implementation and competitive pricing for even the smallest business owners. The best defense for any company is to develop an early course of action before too much damage can be done.
For an employer, the best way to prevent sensitive information from walking out the door is to be proactive. Assume the employees are acting in your best interest and educate them of the rules, but be prepared if that’s not the case. We recommend the following steps to protect your company’s intellectual property and sensitive data:
•Get all employees to sign a confidentiality and invention assignment agreement the day they start work. Make it clear that any invention conceived or designed on company time belongs to the company.
•Educate employees about the company’s trade secret policies and have clear procedures in place concerning how to mark documents and e-mails for confidentiality. Make sure managers follow up with employees to ensure compliance.
•Continue to define and specify your trade secrets and key confidential or proprietary information with employees. By doing so, you’re making it clear that sharing this information outside the company is theft, and you’re not left scrambling to define it once litigation begins.
•Hold exit interviews with all departing employees and remind them of the requirements of their confidentiality and assignment agreements. Have them sign an exit interview review checklist.
•Instruct employees who have access to sensitive information not to delete anything from their computers or e-mail servers once you’re aware they’re leaving the company. If you do let them delete information, make sure the deletions are supervised by an internal information technology professional.
•Make a forensic image of every computer used by an employee who had access to sensitive information, especially if there is reason to believe that sensitive data may have left with the employee. If email is stored on a central server, consider saving the emails for a period of time to allow recovery.
Is it possible to stop all trade secrets and confidential information from walking out the door? The answer is no. A determined employee can do a lot of damage, so it’s better to be proactive, not reactive. A company that’s careful and has procedures in place can do a lot to protect its business.