Media and Analyst CoverageThe Threat from Inside - The Risks of IP Theft
FTI Journal - March 2012
Companies face serious risks from employee intellectual property theft. To protect themselves, they need strong onboarding and exiting policies, plus computer forensics expertise.
James Scarazzo
Director, FTI Technology
Jason Ray
Director, FTI Technology
PCTY 2012, IBM Security and Strategy v. Fabio Panada
Threat From The Inside, Fti Journal
1. issue 7
T h e T h r eat
f ro m I n si d e
technology
Companies face serious risks from employee intellectual property theft. To protect themselves,
they need strong onboarding and exiting policies, plus computer forensics expertise.
A
cross the globe, cyber attacks had experienced internal theft of James Scarazzo
from outside the company intellectual property. Fearful of losing Director, FTI Technol-
get enormous attention. But their jobs, some employees become ogy, FTI Consulting
jim.scarazzo
much less attention is directed toward desperate, and one way of protecting
@fticonsulting.com
an equally perilous — and possibly themselves is to walk off with
more daunting — threat: employees information that would be valuable to a Jason Ray
Director, FTI Technol-
travis rathbone for fti journal
absconding with intellectual property competitor — for example, lists of top
ogy, FTI Consulting
and other confidential information. customers, pricing schedules, strategy jason.ray
Since the economic downturn, documents or computer code. @fticonsulting.com
cases of intellectual property theft Helping oneself to company
by employees have been increasing information is getting easier. Whereas
significantly. A recent study by the U.S. pilfering information once meant
Federal Bureau of Investigation found photocopying it and sneaking it out,
that 44% of companies it studied today more than 80% of a company’s
FTICONSULTING.COM #15
2. fti files technology
competing business with confidential
client information. They shared their
plans through text messages on
company-owned smartphones.
No company is immune to these
attacks. Because so much company
information is used legitimately outside
the office, it is practically impossible to
information is stored electronically. set meaningful alarms. But companies
Some 75% is never printed. As can better protect themselves.
employees bring their own mobile Management teams should tighten
devices to work and make use of employee onboarding and exiting
“the cloud” to store and exchange processes, and put proper forensic
information, it can leave the company’s computer procedures in place.
control in seconds.
Employee intellectual property Onboarding and Exiting
theft is difficult to detect. A company’s When companies bring on new
workers have legitimate access to employees, the process should
proprietary information as part of thoroughly cover company policies on
their work. For example, few would intellectual property and confidentiality.
question a sales representative’s Ideally, these policies would be
copying contact lists, presentations or included in employment contracts and
other material for easy access outside confidentiality agreements. Continually
the office. Thus, employee theft of articulating these policies is crucial.
intellectual property often flies below It makes the company position clear
Because so the radar. Here are two examples of and supports legal actions in which
much company FTI Consulting projects: employees claim policies were vague.
information is The employee exit process is also
used legitimately An industrial equipment an effective point for heightened
outside the office, manufacturer discovered information scrutiny. Although it is not practical
it is practically theft only after its suspicions were to conduct forensic computer
impossible to set aroused by the resignation of the investigations with every employee
sales vice president and several direct departure, management should
meaningful alarms.
reports all on the same day. They had identify key positions with potential
formed another business and were risk. These could include sales
using sales contacts, pricing models representatives, whose contact lists
and other information to build it. often contain customer data that is
Members of a financial services protected by privacy laws, but also any
firm were conspiring to set up a employees with access to proprietary
#16
3. issue 7
The views expressed in
this article are those
of the authors and not
necessarily those of FTI
Consulting, Inc., or its
other professionals.
or confidential information that they and having reliable evidence allow
might use after leaving. management and legal teams to
decide early what steps they can
Make Sure Information and should take. For example, the
Works as Evidence company could file for a temporary
When companies suspect employee restraining order, pursue court orders
intellectual property theft, they often to examine personal computers, or
move hastily: IT or HR is contacted simply contact the employee’s new
and the staff springs into action by employer and inform the company of
opening files and saving information what has occurred. It is also valuable
onto CDs or portable devices. On to tightly integrate computer forensic
the surface it may appear that the activity with other forensic processes
evidence has been obtained. But in in the company, such as accounting.
actuality, all the company has is data. Evidence of fraud or other misconduct Opening, printing
That probably isn’t usable as evidence. is likely to be found in computer files and saving files
Evidentiary standards require and electronic communications. Early, can permanently
detailed chronological documentation coordinated and immediate action may change metadata
of everything that happened to the be necessary to discover evidence and that records who did
data. Opening, printing and saving files prevent its destruction.
what to the file
can permanently change metadata that In times of economic distress, the
and when.
records who did what to the file and incidence of employee intellectual
when. Just booting up a computer can property theft by employees can
overwrite items such as caches and jump. Although such theft is difficult
temporary files. Combined with altered to detect, companies can take steps
metadata, these changes can make it to protect themselves and make
difficult to prove what the employee strong defensive moves when theft is
actually did. suspected.
Sometimes computer experts can
restore damaged evidence, but just as
often they can’t. The process can be
costly and take valuable time. To avoid
the fire drill, management should be
certain that proper computer forensic
skills and processes are in place.
Move Quickly to Action
Stolen intellectual property can
improve with age — the people who
have taken it have more time to use
it. Quickly understanding the facts
FTICONSULTING.COM #17