Corporate espionage involves the theft of information that hasn’t been made public and each year businesses lose billions of dollars in intellectual property (IP) from thieves stealing trade secrets. Companies may work hard to prevent outsiders from infiltrating their organizations, yet the greater danger is generally internal. Here’s how to identify your business’s corporate espionage vulnerabilities and prevent employees from taking advantage of them.
Bad and good intentions
Employees with access to trade secrets may take that information with them when they leave your company — or pad their paychecks by selling information while still employed. But not all employees who share IP have bad intentions. In some cases, they may not realize they’re passing it on. An engineer, for example, may agree to help a “student” with her research, or an operations manager may participate in a “customer satisfaction survey” by a box manufacturer.
In the latter case, telling a competitor how many of certain size boxes your company used may be equivalent to releasing sales specifics. Even harder to control is the practice some companies have of sending eavesdroppers to bars and restaurants frequented by a rival’s employees.
Protecting sensitive data
You can reduce the risk of trade secret theft by first identifying what information should be guarded. New technology and market strategies are clearly sensitive. But customer complaints or component purchasing data may also be valuable to some competitors. Start by asking which competitors would benefit from what information.
Next, determine how much of your sensitive information is at risk and where the vulnerabilities lie. Passwords, firewalls and other security measures are critical to protecting data, but they aren’t invulnerable. You also need to consider who has access to confidential information and how your business processes drive how such information is used.
Finally, develop a security policy that considers your business methods, potential external weaknesses and staffing patterns, as well as the need to protect vital information. Revisit the plan periodically as your business and competitors change.
Get employees on board
Be sure to educate employees about the threat of corporate espionage and let them know how to report suspicious activity such as people asking for details about their jobs. Emphasize that secrets can be revealed inadvertently, and that they need to be careful about what they say in public.
However, clarify that not all research into your company is illegal. Public documents such as Federal Communications Commission and regulatory filings, content on your website and published articles on your company can give an experienced business analyst a fairly accurate idea of what you’re doing.
Questions about protecting your business? Contact Andrea Addo, CPA, MBA, CFE, CITP to discuss your concerns.