Stolen IP Creates Potential for IP Contamination
Not only is that a problem for the organization that just lost the IP, it's also potentially a big problem for the organization that hires a worker who brings stolen IP to his or her new role.
"It creates the potential for IP contamination," Matthews says. "It's not just a security or business loss issue. Now you have a potential lawsuit on your hands."
Employees aren't solely responsible for the problem, Matthews notes. He says organizations are failing to create a culture of security. The Ponemon Institute finds that only 38 percent of employees say their manager views data protection as a business priority, and 51 percent believe it's acceptable to take corporate data because their company does not strictly enforce policies.
"Simply put, companies don't do anything," Matthews says. "And because there's no action taken--there's no policing--pretty soon people feel they can get away with it because companies don't care. Companies don't put any time into actually policing their intellectual property."
How to Deal With Insider IP Theft
Matthews offers three recommendations for dealing with the threat of insider IP theft:
Educate your employees. Organizations need to educate their employees about IP security and help them understand that taking confidential information is wrong. IP theft awareness should be an integral part of security awareness training.
Enforce nondisclosure agreements (NDAs). In nearly half of insider theft cases, the organization had IP agreements with the employee, according to Symantec, but those agreements either weren't understood by the employee or weren't enforced by the company. Organizations need to include stronger, more specific language in their employee agreements. Additionally, exit interviews should include focused conversations around the employee's continued responsibility to protect confidential information and return all company information and property. The employee needs to understand that policies will be enforced and that violations could result in negative consequences for them and their future employer.
Deploy monitoring technology. Implement a data protection policy that monitors for inappropriate access to and use of IP and automatically notifies employees of violations. This will increase security awareness and deter theft.
"When it comes to trade secret theft by mobile employees, an ounce of prevention is usually worth ten pounds of cure," says Dave Burt, founder of Mobility Legal P.C.
"We consistently see departing employees who don't understand their obligation to keep trade secrets secret, but are just as often faced with companies whose own procedures are sorely lacking when it comes to protecting valuable IP," Burt says. "But everybody loses when a mobile employee steals trade secrets--the company who invested in the IP, the employee who took it and the organization that receives it, even unknowingly, who most often is on the hook for defending the litigation that follows."