Corporate espionage (also known as industrial espionage) is the act of illegal data collection against a corporation. Illegal data collection methods can range from computer hacking, theft, intimidation, dumpster diving or even posing as someone who actually works for the company. What are these “thieves” looking for?
- Corporate intellectual property
- Patents in progress
- Customer information
- Pricing strategies
- Source code
- Unique manufacturing
- Technological Operations
- Research and development
- Future plans and markets
Most often, business espionage is committed by employees. In fact, employees account for 85 percent of corporate espionage. In total, companies lose up to $100 billion per year due to business espionage. Businesses should implement a number of security safeguards to prevent these actions from occurring.
Identify your company’s trade secrets.
Before you can protect something, you have to identify what needs to be protected.
Identify the threats.
Before firms develop strategies to counter industrial espionage, they need to understand who presents the largest threat. For example, a company’s competitors may pose the most obvious danger. However, it should be kept in mind that business partners, customers, hackers, activist groups, current employees, and even foreign national governments are all potential threats and should be taken into consideration when building a counterespionage plan.
Keep information on a “need to know” basis.
Not all information needs to be accessible by every employee in a company. It’s best to put in place policies to choose which employees have access to which information, with special attention given to those employees who have access to a company’s most vital trade secrets.
Conduct background checks. Firms should conduct background Checks on all employees with access to sensitive data. This may even include often-overlooked individuals such as janitors, caterers, and groundskeepers. Specifically, firms should attempt to identify any possible factors that could make a particular worker more prone to illegally disclosing information. Firms should also continue to carry out periodic security evaluations of their employees even after they have initially been vetted.
Make cyber-security a priority.
As we’ve talked about in previous blog posts, cyber-crime is not the future, it’s now. Therefore, it is important for companies to have strong cyber-security. While these security systems should look for outward threats, they should also look inward. Monitoring internal networks may uncover suspicious activity. A good example would be copying and accessing of sensitive files.
Plan for the worst by establishing a Crisis Management plan.
Even the best-laid plans can go wrong, we live in an unpredictable world. It’s important for companies to have a Crisis Management plan in place, in the event of intellectual property theft. Firms should attempt to assess the potential damage caused by the theft of trade secrets and develop response plans. They should consider losses to their competitiveness as well as losses to their reputation. Additionally, it is a good idea for firms to have an investigative and legal strategy in the wake of an incident of corporate espionage.
Thomas Ruskin 