In today’s digital age, information is power. Companies invest heavily in collecting and developing proprietary data and IP. They must also consider how best to protect it.
One of the most significant threats to corporate secrets often comes from within – the insider threat. A recent case alleges that before he left his position, a member of the New York Knicks front office staff allegedly downloaded proprietary company material to use in his new position with the Toronto Raptors.
There are other real-Life public examples
- Waymo vs. Uber (2017): This high-profile case involved former Waymo employee Anthony Levandowski, who allegedly stole 14,000 technical files related to Waymo’s self-driving car technology before leaving the company to join Uber. The case highlighted the risks of employees taking invaluable intellectual property with them to their new employers.
- Tesla’s Trade Secret Theft (2020): A former Tesla employee, Guangzhi Cao, was sued for allegedly stealing the electric car manufacturer’s Autopilot source code before taking a new job at XMotors. Tesla claimed that Cao had uploaded the source code to his personal iCloud account.
Insider Threat Landscape
Insider threats are not a new or unique phenomenon, but they have evolved in complexity and sophistication with the digital era. These threats can take many forms, from employees taking information with them or intentionally leaking sensitive information to deliberately negligent actions that compromise data security. In some cases, it can be extremely challenging to prove negligence or malice and incompetence and complacency can lead to just as damaging outcomes. It is therefore important to implement strong data governance, provide robust training, and monitor for any potential threats and risks.
Solutions to Combat Insider Threats include but are not limited to:
- Pre-employment due diligence: Conducting thorough background checks and due diligence in advance of hiring can prevent hiring problematic employees that may lead to insider threats. Get in touch to discuss employee vetting options.
- Implement Robust Security Policies: Companies should establish comprehensive security policies that clearly define the handling of sensitive data. Employees should be trained regularly on these policies and the consequences of violating them.
- Access Control and Monitoring: Limit access to sensitive data on a “need-to-know” basis. Implement robust access control measures, and monitor who accesses what data and when. Suspicious activity should trigger immediate alerts.
- Data Encryption: Employ strong encryption protocols to protect sensitive data both in transit and at rest. Encryption ensures that even if data is stolen, it remains unreadable without the decryption key.
- Regular Security Training: Continuous education on data security is essential. Regular training sessions can remind employees of their obligations and help them recognize the importance of protecting company assets.
- Exit Interviews and Off boarding: Conduct thorough exit interviews to ensure departing employees understand their responsibilities regarding company data. Disable their access promptly and review any data transfers they made during their notice period.
The threat of employees stealing sensitive, secret, or private material before leaving their jobs is a growing concern in the corporate world. Companies must take proactive measures to safeguard their proprietary data. By implementing robust security policies, access controls, and monitoring systems, and by fostering a culture of data security and accountability, organizations can significantly reduce the risk of insider threats and corporate espionage. The message to employees should be clear: protecting corporate secrets is not just a matter of policy; it’s an ethical responsibility that should be taken seriously.
If you want to discuss due diligence and insider threat mitigation options please get in touch