Confidential information and Intellectual Property are becoming easier to steal. Whilst most organisations and management believe that they have sufficient security in place against external hackers and threats, they rarely consider the more common danger: employees.
Neil Miller, Director at Commercial Security International Ltd (CSi) looks at the challenges of internal Intellectual Property protection.
Your organisation’s Intellectual Property, such as client lists, sales presentations, proposals, source code, business models, passwords, financial information, blueprints, branding, colour schemes, formulas, new product designs, and research and development files, is at risk of internal theft if the relevant security measures and prevention cultures are not implemented correctly or effectively.
Ask yourself:
How many times have your organisation’s personnel emailed confidential proposals, sales presentations or client marketing information to their personal internet account so that they can work from home?
Now ask yourself:
What happens to the same confidential information when that person is made redundant, sacked or employed by one of your competitors?
Intellectual Property (IP) theft, sometimes known as economic or corporate espionage, has increased in recent years through the ease of electronic communications and technology. You only need to think about the simplicity of buying new listening or “bugging” devices and technology from high street gadget shops and spy stores to realise that this is a real security issue for organisations today.
This kind of attack presents a major threat to many commercial and government organisations. Though commercial deception and asset theft are widely acknowledged as significant commercial risks, the characteristic indicators of a problem are often not identified until significant losses have been incurred. Organisations cannot afford to be unaware of these indicators.
So why do employees steal from their employers?
On occasion, employees are cajoled into giving away corporate secrets, whether knowingly or not. However, the following list highlights some of the more common motivations for stealing or revealing confidential and valuable IP to unauthorised third parties:
- For personal profit
- Sense of pride and ownership of a particular project or client
- To secure a job with a competitor
- To exact revenge against former employers
- Naively talking “shop” with professional acquaintances and colleagues at other companies
- On behalf of foreign governments
- Travelling employees carrying insecure laptops abroad which contain proprietary information
Examples:
- A successful Information Technology employee begins developing a product that builds upon his former company's IP technology.
- An employee of a private medical firm threatened to put the medical data of patients on the web if her bonus was not paid.
- A successful salesperson leaves his long-time employer with a customer list only to start using it to sell similar services in his new job.
- A disgruntled employee sells valuable confidential information to a competitor after getting sacked.
The reality of this form of fraud or security breach is outlined in a recent study conducted by the computer forensics firm IBAS, which stated that nearly 70% of business professionals have stolen some form of corporate IP from their employer when leaving a job.
So whatever your asset, protection from internal theft is extremely important if your organisation is to be successful, profitable and reputable in terms of control, share value and confidence.
Senior management therefore has a responsibility to protect an organisation’s IP, just like any other corporate asset.
CONTROLS
To assist in strengthening internal security procedures against theft of confidential information, your organisation first needs to implement a security culture that is understood by both senior managers and employees collectively. This can be achieved by good communication, awareness and discipline. This will give employees an appreciation and understanding of whether they are being targeted or blackmailed by criminal groups.
The following controls should be integrated with, and complement, existing security measures and policy to assist in the protection of your valuable information.
Pre-Employment Screening
The first and most important step in combating unethical activity and fraud is to avoid recruiting or promoting deceitful candidates. Screening programmes that verify the integrity, reliability, ethics and financial standing of the candidate within recruitment procedures remain a necessity of 21st century business life.
Recent money laundering legislation, corporate governance and compliance regulations implemented by the Financial Services Authority (FSA) have made it increasingly important for commercial organisations to verify the integrity of the people they employ and those with whom they conduct business. Knowing your staff is as important as “Knowing Your Customer”.
CSi has developed brand new online investigative software called proScreen: Integrity that checks the integrity of new employees and their CVs to confirm their background.
IP Awareness and Employee Training
New employees can be a frequent source of confidential leaks. Therefore, the objective of employee training should be to familiarise employees with the concept of IP and its value, and to inform them of their obligations, and the consequences, with regard to the unauthorised transfer of confidential information, patent-protected and other licensed materials.
Agreements and Contracts
One of the most effective measures against IP theft is to design and implement a failsafe non-disclosure agreement or contract for internal employees (and external contractors) to sign on employment and again on termination, stating categorically that they have not taken any corporate documents, files or property with them. This is a significant deterrent against taking IP, and every employee is then made aware of the actions that will be taken if they are caught stealing IP.
A non-competition agreement/contract on termination of employment will keep an employee from working at a competing company, usually for a set period of time after leaving the former employer. This kind of agreement will prevent a former employee from soliciting his former employer's customers after leaving the organisation.
Employment Exit/Termination
If an employee resigns, is made redundant or has their employment terminated for any other reason, make sure their access to computer networks and databases, as well as phone and e-mail accounts, is terminated. This is especially important in cases of redundancies, when former employees might seek revenge against the organisation.
Legal Actions
If you need to go to court to obtain a legal order to prevent someone from using your IP, the court may first ask how you went about protecting it; therefore, many businesses are often found powerless to fight legally against the theft of their IP because they have not taken the necessary legal and procedural precautions.
However, if achieved correctly, it will not only give you the upper hand in a potential court case, it will also be a deterrent for potential wayward employees from attempting to abuse confidential information.
Internal Monitoring
This should include the monitoring of information on the Internet, chat rooms, trade boards and e-mail systems, and the filtering of outbound and inbound traffic for specific client-owned phrases, such as client lists, proposals, passwords and source code.
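One way to implement the outbound phrase filter described above, combined with the personal-account scenario raised at the start of the article (an added example, not CSi's software and not part of the original article). The corporate domain, the webmail list, the phrase list and the function name review_outbound are assumptions, and the messages are constructed samples.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Assumed for illustration: corporate domain, webmail list and watch phrases
# (the phrases are the categories the article names).
CORPORATE_DOMAIN = "example.com"
PERSONAL_DOMAINS = {"gmail.com", "hotmail.com", "yahoo.co.uk"}
WATCH_PHRASES = ["client list", "proposal", "password", "source code"]

# Allow whitespace, "_" or "-" between words so "Client_List.xls" matches.
PATTERNS = {p: re.compile(r"(?<![a-z])" + r"[\s_-]+".join(map(re.escape, p.split())), re.I)
            for p in WATCH_PHRASES}

def review_outbound(raw_message):
    """Return a finding for staff mail sent to a personal account that
    mentions a watched phrase; otherwise return None."""
    msg = message_from_string(raw_message)
    senders = getaddresses(msg.get_all("From", []))
    sender = senders[0][1].lower() if senders else ""
    if not sender.endswith("@" + CORPORATE_DOMAIN):
        return None  # only mail sent by staff is in scope
    rcpts = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    personal = sorted({a.lower() for _, a in rcpts
                       if a.rpartition("@")[2].lower() in PERSONAL_DOMAINS})
    if not personal:
        return None
    # Search the subject, attachment file names and plain-text parts.
    texts = [msg.get("Subject", "")]
    for part in msg.walk():
        if part.get_filename():
            texts.append(part.get_filename())
        elif part.get_content_type() == "text/plain":
            body = part.get_payload(decode=True) or b""
            texts.append(body.decode(part.get_content_charset() or "utf-8", "replace"))
    hits = [p for p, rx in PATTERNS.items() if rx.search("\n".join(texts))]
    if not hits:
        return None
    return {"sender": sender, "recipients": personal, "phrases": hits}

# Constructed sample messages (not real data).
SAMPLES = [
    "From: j.smith@example.com\nTo: jsmith1975@gmail.com\nSubject: to finish at home\n\n"
    "Attached: the Q3 proposal and the full client  list.\n",
    "From: j.smith@example.com\nTo: a.jones@example.com\nSubject: Q3 proposal draft\n\nPlease review.\n",
    "From: j.smith@example.com\nTo: jsmith1975@gmail.com\nSubject: lunch?\n\nFree at one?\n",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(review_outbound(raw))
```

Only the first sample produces a finding: the second stays inside the corporate domain and the third goes to a personal account without any watched phrase.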
In some extreme cases, companies have even taken the steps to ban mobile phones, camera phones, PDAs and other hand-held devices because of their ability to make espionage/IP theft very easy.
CSi has developed an online integrated investigative software platform called proScreen: Guardian that ensures your organisation is fully apprised of unethical behaviour conducted by internal staff in external locations.
CONCLUSIONS
An organisation’s IP is just as important an asset as its employees, and both should be equally protected from external and opportunist threats. However, some employees are often cajoled into giving away information to organised criminal gangs who are increasingly targeting employees to illegally obtain confidential information.
An increase in the security culture and awareness, together with a good understanding of the reasons against the theft of IP, will assist organisations in combating internal IP breaches.
Publication:
Appeared in Strategic Risk, April 2005