Imagine this: An employee puts in his notice of resignation and, one day after his departure, his boss notices that a piece of data — corporate intellectual property that should have been under his control — is missing.
A forensic investigation turns up Google searches for data destruction tools, three of which have been downloaded to the computer and one of which had been set up; it also showed evidence that the employee’s hard drive had been partially wiped. Experts testify to this information and a settlement is found in the company’s favor, to the tune of $60,000 (plus legal fees).
This exact scenario actually happened — the employee’s name was Donald C. Westacott and he worked for Devon Energy Corporation — and cases like these are a lot more common than most employers realize.
In fact, 59 percent of ex-employees admitted to stealing confidential company information on their way out in a 2009 Ponemon Institute survey.
So, how can corporate IP theft be prevented?
1) Use a secure file management system and know the data that needs to be kept confidential. This should include anything the company wouldn’t want falling into a competitor’s hands—financial projections, client lists, acquisition information, patents, copyrights and trade secrets.
2) Have a business protocol for document management set up, with processes that determine who has access to what data, what data can be deleted and what data should be backed up. Make sure to utilize Non-Disclosure Agreements (NDAs) anytime the company works with an outside contractor or other party.
3) Control who can access corporate IP, and use a system that makes it easy to revoke that permission at any time. Limit permissions to employees who truly need access.
4) Track who is accessing files that might be considered corporate intellectual property with an itemized audit log.
5) Be proactive in protecting intellectual property against any unauthorized access, whether internal or external. This should include secure login protocols and two-factor authentication.