During tough economic times, internal fraud can increase. These incidents can range from employees padding their expense accounts because they are falling behind in their bills to managers inflating earnings because they are under pressure to meet certain targets.
More Ways Your Business
1. Encrypt electronic files so that they cannot be read or taken off the premises.
2. Mark any papers, photographs, sketches and other documents as confidential. Attach electronic sensors to trade secret items.
3. Prohibit photocopying of trade secrets and other sensitive company information. Consider forbidding cameras on the premises, including those built into cell phones.
4. During exit interviews, remind employees leaving the company about their obligations and your trade secret protection policies.
5. Remind all co-workers of a departed employee to change their passwords if there is the slightest chance they may have shared their passwords with that person. Recognize that sometimes, even in violation of policy, employees share passwords.
6. After employees leave the company, coordinate the denial of building access with the denial of access to computer accounts. Keep in mind that colleagues might allow former employees on the premises if they’re unaware of resignations or terminations.
7. Maintain logs of employees in the company who have rights to access trade secrets.
8. Watch what employees disclose at industry trade shows. Review technical literature, service manuals, press releases and other material distributed outside the company. Similar reviews should be made of filings with the SEC or patent applications.
“The Cold War is not over. It has merely moved into a new arena: the global marketplace.”
— The Federal Bureau of Investigation
Don’t overlook the possibility of foreign competitors stealing your company’s trade secrets. The FBI estimates that every year, billions of U.S. dollars are lost to foreign competitors who “deliberately target economic intelligence in flourishing U.S. industries and technologies,” and who cull information about trade secrets.
In general, the FBI states, foreign competitors criminally seek economic intelligence in three ways:
Companies that are taking cost-cutting steps, such as layoffs, can experience employees seeking revenge. Even worse, in some companies, the chaos after lay-offs can result in more fraud opportunities. For example, segregation of duties is less likely with a reduced staff. So companies cutting jobs should put internal controls in place to prevent the theft of intellectual property and other assets by departing employees.
Consider two well-publicized cases that involve former employees engaged in economic espionage, which is defined as the theft or misappropriation of trade secrets:
Case #1: Gary Min, a scientist working for the chemical company DuPont, stole intellectual property after accepting a position with a competitor. Before leaving DuPont, Min proceeded to raid the company’s databases of 22,000 abstracts and 16,000 pdf documents estimated to be worth in excess of $400 million. DuPont notified the FBI and shortly after joining his new employer, Min was arrested. He was sentenced to 18 months, fined $30,000 and ordered to pay $14,500 in restitution to DuPont.
Fortunately, DuPont was able to detect and document Min’s activity. The company, which operates in more than 70 countries, implemented reporting that monitored the frequency, and volume of materials accessed from its databases. Given DuPont’s size, and the emphasis that it places on intellectual property, it is not surprising that the corporation implemented robust security measures to protect its economic assets.
The U.S. Attorney’s office announced in 2007 that it discovered a great deal of evidence in the case after federal agents searched Min’s home in Ohio. At the home, agents found several computers containing DuPont documents marked “confidential. The investigation also revealed numerous garbage bags filled with shredded DuPont technical documents, as well as remnants of the company’s files that had been burned in the fireplace. In addition, the agents learned Min stored more confidential DuPont information in a storage unit and in a one-bedroom apartment.
Case #2: A software engineer who was born in China, resided in California, and held Canadian citizenship was sentenced to prison last year for violating the Economic Espionage Act and the Arms Export Control Act.
According to court records, Xiaodong Sheldon Meng committed economic espionage by stealing trade secrets from his former employer, Quantum3D Inc. The intent was to turn the trade secrets over to the People’s Republic of China Navy Research Center in Beijing.
The trade secret at issue, known as “Mantis” was a highly prized Quantum3D product used to simulate real world motion for military training and other purposes.
Meng took the intellectual property when he left Quantum3D. He then used the trade secrets as part of sales demonstrations he performed in front of Asian military officials as part of his new job, with an Israeli company that was a competitor of Quantum3D.
These two cases illustrate the risks involved when trade secrets are stolen. To prevent this from happening at your company, here are some considerations:
- Economic espionage can, and will happen, if your business is not prepared. The DuPont and Quantum3D cases highlight the threat from within. However, the theft of trade secrets can also be perpetrated by third parties. The first step in developing a proactive defense is recognizing that the threat exists. Once a risk is acknowledged to be present, management must take an active role in ensuring that the company is implementing the appropriate tactics to combat theft attempts.
- When is a secret a secret? When you say so! It is extremely important that a company appropriately classify and protect all documents that contain trade secrets. Given the multitude of servers and databases that exist within all-size companies today, it can take considerable effort to locate trade secrets. However, in order to assist law enforcement if a trade secret is stolen, it is critical that the scope of the theft is known. Also, a company should be able to demonstrate that management appropriately protected all trade secrets. Law enforcement agencies can be reluctant to step in once a theft has occurred if the company is negligent in protecting its assets. To be successful in litigation, a company must generally prove that it took reasonable steps to protect its intellectual property.
- How are trade secrets targeted or stolen? According to the FBI, here are some of the methods: They are stolen, concealed or carried away by fraud, artifice or deception. They can be copied, duplicated, sketched, drawn, photographed, downloaded, uploaded, altered, destroyed, replicated, transmitted, delivered, mailed, communicated, or conveyed. Theft can also involve one party receiving, buying or possessing a trade secret, knowing that it was stolen or obtained without authorization.
- It’s not a secret if everyone knows. If a company fails to limit trade secret access to those with a “need to know,” a defense attorney can attempt to place doubt in the mind of a jury regarding the defendant’s guilt. With even the strictest policies and procedures, an employee can inadvertently provide information to a third party. However, without policies to limit leakage of information, employees, vendors, etc. will happily disclose important information with no forethought of malice. Make sure you have strongly worded non-disclosure agreements, as well as other policies and procedures concerning your ownership of trade secrets and proprietary company information. These agreements should be signed by employees indicating that they have read and understand them. Outside contractors that need access to sensitive business operations should also sign confidentiality agreements. Consult with your attorney about these agreements.
- Leverage existing fraud detection tools, or database reporting to detect anomalies. As the DuPont case shows, monitoring database access logs can yield positive results. Many fraud detection engines can be used to keep an eye on the number of times a database is accessed, as well as the number of documents that are printed by each user. A proactive database access report can be also provided to law enforcement as evidence of the employees or third parties’ activity. Ultimately, this type of reporting can be used to great effect in a trial to conclusively show the actual steps taken by the defendant to steal proprietary information
- Implement regular reviews of trade secret classification and protection. Depending on the size of the company and the type of business, intellectual assets can be continually created. Consider implementing the appropriate infrastructure to detect, classify and protect the intellectual property of your business. The protection of the very essence of a company, it’s intellectual property, requires an ongoing commitment as well as the application of the appropriate proactive tools
Of course, no matter what protections are in place, trade secrets might still be stolen. But by having the proper written policies and procedures in place, you’ll be better armed if you need to file suit. Act quickly so that others who are tempted to steal trade secrets will think twice.