The Greatest Corporate Espionage Risk Is Internal

KPM Fraud Update link to blog.

08 Jul The Greatest Corporate Espionage Risk Is Internal

It is a federal crime to steal trade secrets, but that does not stop thieves from successfully making off with billions of dollars in intellectual property (IP) annually. Companies may work hard to prevent outsiders from infiltrating their organizations, yet the greater danger is generally internal. Here is how to identify your business’ corporate espionage vulnerabilities and prevent employees from taking advantage of them.

Bad & good intentions

Employees with access to trade secrets may take that information with them when they leave your company or pad their paychecks by selling information while still employed. But not all employees who share IP have bad intentions. In some cases, they may not realize they are passing it on. An engineer, for example, may agree to help a ‘student’ with her research or an operations manager may participate in a ‘customer satisfaction survey’ by a box manufacturer.

In the latter case, telling a competitor how many of certain size boxes your company used may be equivalent to releasing sales specifics. Even harder to control is the practice some companies have of sending eavesdroppers to bars and restaurants frequented by a rival’s employees.

Protecting sensitive data

You can reduce the risk of trade secret theft by first identifying what information should be guarded. New technology and market strategies are clearly sensitive. But customer complaints or component purchasing data also may be valuable to some competitors. Start by asking which competitors would benefit from what information.

Next, determine how much of your sensitive information is at risk and where the vulnerabilities lie. Passwords, firewalls, and other security measures are critical to protecting data, but they are not invulnerable. You also need to consider who has access to confidential information and how your business processes drive how such information is used.

Finally, develop a security policy that considers your business methods, potential external weaknesses, and staffing patterns, as well as the need to protect vital information. Revisit the plan periodically as your business and competitors change.

Get employees on board

Be sure to educate employees about the threat of corporate espionage and let them know how to report suspicious activity such as people asking for details about their jobs. Emphasize that secrets can be revealed inadvertently and that they need to be careful about what they say in public.

However, clarify that not all research into your company is illegal. Public documents such as Federal Communications Commission and regulatory filings, content on your website, and published articles on your company can give an experienced business analyst a fairly accurate idea of what you are doing. Actual corporate espionage involves theft of information that has not been made public.

Questions about protecting your business? Please contact us.