Threat From The Inside, Fti Journal


Published on

Media and Analyst CoverageThe Threat from Inside - The Risks of IP Theft
FTI Journal - March 2012
Companies face serious risks from employee intellectual property theft. To protect themselves, they need strong onboarding and exiting policies, plus computer forensics expertise.

James Scarazzo
Director, FTI Technology

Jason Ray
Director, FTI Technology

  • Be the first to comment

  • Be the first to like this

Threat From The Inside, Fti Journal

  1. 1. issue 7 T h e T h r eat f ro m I n si d e technology Companies face serious risks from employee intellectual property theft. To protect themselves, they need strong onboarding and exiting policies, plus computer forensics expertise. A cross the globe, cyber attacks had experienced internal theft of James Scarazzo from outside the company intellectual property. Fearful of losing Director, FTI Technol- get enormous attention. But their jobs, some employees become ogy, FTI Consulting jim.scarazzo much less attention is directed toward desperate, and one way of protecting an equally perilous — and possibly themselves is to walk off with more daunting — threat: employees information that would be valuable to a Jason Ray Director, FTI Technol-travis rathbone for fti journal absconding with intellectual property competitor — for example, lists of top ogy, FTI Consulting and other confidential information. customers, pricing schedules, strategy jason.ray Since the economic downturn, documents or computer code. cases of intellectual property theft Helping oneself to company by employees have been increasing information is getting easier. Whereas significantly. A recent study by the U.S. pilfering information once meant Federal Bureau of Investigation found photocopying it and sneaking it out, that 44% of companies it studied today more than 80% of a company’s FTICONSULTING.COM #15
  2. 2. fti files technology competing business with confidential client information. They shared their plans through text messages on company-owned smartphones. No company is immune to these attacks. Because so much company information is used legitimately outside the office, it is practically impossible to information is stored electronically. set meaningful alarms. But companies Some 75% is never printed. As can better protect themselves. employees bring their own mobile Management teams should tighten devices to work and make use of employee onboarding and exiting “the cloud” to store and exchange processes, and put proper forensic information, it can leave the company’s computer procedures in place. control in seconds. Employee intellectual property Onboarding and Exiting theft is difficult to detect. A company’s When companies bring on new workers have legitimate access to employees, the process should proprietary information as part of thoroughly cover company policies on their work. For example, few would intellectual property and confidentiality. question a sales representative’s Ideally, these policies would be copying contact lists, presentations or included in employment contracts and other material for easy access outside confidentiality agreements. Continually the office. Thus, employee theft of articulating these policies is crucial. intellectual property often flies below It makes the company position clear Because so the radar. Here are two examples of and supports legal actions in which much company FTI Consulting projects: employees claim policies were vague. information is The employee exit process is also used legitimately An industrial equipment an effective point for heightened outside the office, manufacturer discovered information scrutiny. Although it is not practical it is practically theft only after its suspicions were to conduct forensic computer impossible to set aroused by the resignation of the investigations with every employee sales vice president and several direct departure, management should meaningful alarms. reports all on the same day. They had identify key positions with potential formed another business and were risk. These could include sales using sales contacts, pricing models representatives, whose contact lists and other information to build it. often contain customer data that is Members of a financial services protected by privacy laws, but also any firm were conspiring to set up a employees with access to proprietary#16
  3. 3. issue 7 The views expressed in this article are those of the authors and not necessarily those of FTI Consulting, Inc., or its other professionals.or confidential information that they and having reliable evidence allowmight use after leaving. management and legal teams to decide early what steps they canMake Sure Information and should take. For example, theWorks as Evidence company could file for a temporaryWhen companies suspect employee restraining order, pursue court ordersintellectual property theft, they often to examine personal computers, ormove hastily: IT or HR is contacted simply contact the employee’s newand the staff springs into action by employer and inform the company ofopening files and saving information what has occurred. It is also valuableonto CDs or portable devices. On to tightly integrate computer forensicthe surface it may appear that the activity with other forensic processesevidence has been obtained. But in in the company, such as accounting.actuality, all the company has is data. Evidence of fraud or other misconduct Opening, printingThat probably isn’t usable as evidence. is likely to be found in computer files and saving files Evidentiary standards require and electronic communications. Early, can permanentlydetailed chronological documentation coordinated and immediate action may change metadataof everything that happened to the be necessary to discover evidence and that records who diddata. Opening, printing and saving files prevent its destruction. what to the filecan permanently change metadata that In times of economic distress, the and when.records who did what to the file and incidence of employee intellectualwhen. Just booting up a computer can property theft by employees canoverwrite items such as caches and jump. Although such theft is difficulttemporary files. Combined with altered to detect, companies can take stepsmetadata, these changes can make it to protect themselves and makedifficult to prove what the employee strong defensive moves when theft isactually did. suspected. Sometimes computer experts canrestore damaged evidence, but just asoften they can’t. The process can becostly and take valuable time. To avoidthe fire drill, management should becertain that proper computer forensicskills and processes are in place.Move Quickly to ActionStolen intellectual property canimprove with age — the people whohave taken it have more time to useit. Quickly understanding the facts FTICONSULTING.COM #17