Intellectual Property Theft on the Rise
By John Avellanet, Managing Director and Principal of Cerulean Associates LLC
Reprinted with permission from SMARTERCOMPLIANCE™ 2(9): p 1-2 (September 2008)
Nine out of ten companies do not have appropriate policies and controls in place to stop employees, contractors or partners from walking out the door with intellectual property and trade secrets.
For those of us who’ve spent much of our careers helping prevent corporate espionage, the July report by the not-for-profit IT Policy Compliance consortium comes as little surprise.
Passwords and patents do not make your company’s information and discoveries any more secure than locks and labels make your home and its belongings safe from theft.
Carnegie Mellon University’s CERT research think tank has followed information theft for decades and has come to two eye-opening conclusions:
- · Most confidential information theft comes from people you know—employees, contractors, suppliers or even partners (especially for co-developed products); and
- · More than 30% of this type of theft comes from people working in your computer department (IT/ICT).
Given all the security efforts around stopping outsiders when the real risk lies within, is it any wonder that 90% of businesses do not have any way to stop—much less even detect—intellectual property (IP) and trade secret theft?
Improving Your Chances
Before we even get down to work on reasonable trade secret controls, I give my clients a brief set of “yes/no” questions to answer on their own.
These questions are straightforward and easily answered in less than 30 minutes. For instance, “Do you have a ‘clean desk’ policy for sensitive or confidential information?”
The goal of these questions is to help my clients quickly outline their weaknesses—and their strengths. In this way, we can quickly shift into discussing solutions.
And while many executives need the more detailed audit with its prioritized recommendations, keep in mind that a half-dozen quick-fixes implemented now can stop today’s disgruntled employee or frustrated contractor from sabotaging your work.
Two Quick Fixes to Take Today
Ask yourself, What documented proof do we have that our policies are being followed?
For instance, a typical “clear desk” policy requires personnel to clear their desk and office area of confidential information before they leave for the day, locking it in a file cabinet, turning it back over to the document specialist for filing and so on.
When companies state they do this, my reaction is always to be skeptical. How do you know this is actually being followed?
If your people turn sensitive material over to an archivist, that individual should have log files that can be reviewed.
However, what proof do you have that people are clearing their desk and securing their office area?
A simple way to test this is to simply stay late one evening and walk around, from cubicle to cubicle, office to office. How many documents do you see labeled “confidential” or “private” or “trade secret” sitting out? How many documents do you quickly recognize that should be labeled “confidential” or “trade secret” (such as product drawings or formulations) but that aren’t labeled and aren’t put away?
Then, take the next step. Ask your internal auditors (or hire an outside independent auditor) to include this in their regular audit routine. Assuming no other extenuating circumstances, I usually suggest my clients audit this once or twice a year (perhaps more for habitual “offender” departments).
I’ve made a free version of my intellectual property and trade secret security checklist available for download. You can use this to quickly assess your strengths and opportunities for improvement.
You can get your free PDF copy here: http://www.ceruleanllc.com/biotechblog
Are you ready?
About the Author
John Avellanet is a former Fortune 50 subsidiary C-level medical device and biotechnology executive where he created, developed and ran his firm’s Records Management and IT departments, and was directly accountable for trade secret protection. In 2006, he founded his independent consulting firm, Cerulean Associates LLC (www.ceruleanllc.com) and has since become one of the leading experts on trade secret and corporate espionage protection for biotech, pharmaceutical and device companies.