With the reputation of corporate America being so cutthroat, it probably comes as no surprise that the stealing of trade secrets and proprietary enterprise information happens more often than we think. But what will surprise you is that a majority of these crimes are perpetrated by offenders who are not your rival marketplace competitors. Rather you are more likely to fall victim to less obvious suspects: disgruntled employees, a greedy insider, a rogue part-time contractor, or even a sly and unethical client.
In this article, we will identify the potential threats that aim to put your company into financial ruin and discuss who are the likely terrorists in economic warfare. A later article will illustrate a ten-step process to prevent and foil an attack on your trade secrets and overall information security.
First let us define economic warfare. What is it and how does it put us in danger? An attempt to illegally obtain, corrupt, alter, destroy, or falsify intangible assets of a corporate entity, including but not limited to trade secrets, financial data, or client information, so as to profit from its misfortune, is malevolent corporate espionage.
From money-hungry crooks to college-age hackers out for a joyride, all of them want to get their hands on the same thing - any proprietary asset that lets you have a competitive advantage and in turn, be profitable at your trade. The most confidential and sensitive of these assets include recipes, blueprints, software source code, lab notebooks, mathematical formulas, and manufacturing processes. Even more frightening is the misappropriation of research and development, something that companies put millions of dollars into every year. Never falsely assume that your intangibles are covered under intellectual property protection like trademarks, copyrights and patents.
Should these assets be stolen, damaged, or corrupted, your ability to add value for your customers over that of both legitimate and illegitimate competitors will be diminished. Sadly, firms sometimes make it too easy for rogues and thieves by voluntarily and inadvertently releasing too much information to the public in an effort to be compliant with government regulations. This is mainly because managers often fail to recognize what is and what isn't a trade secret. Most firms do not have set guidelines to classify which assets are secret and therefore managers unfortunately have to rely on their own discretion. Publicly released financial statements are particularly sensitive because classified information may be imbedded in them without managers even realizing it.
A successfully executed act of economic warfare can be perpetrated through either a physical attack or a cyberattack using computers and cell phones. Physical threats include the use of moles, impostors, and even thieves. Meanwhile, more high tech criminals can use trojan horses, viruses and other malicious code as their cowardly weapons of destruction. Corporate espionage can take place on one occasion or a series of many over time. It all depends how patient your perpetrator is and how much resources are at his or her disposal.
Crimes of great patience and expense are usually a result of legal or illegal competitive intelligence and solid covert research initiated by a business competitor. Some companies have reportedly spent up to $50 million in legal intelligence programs - how much more could they be throwing at illegal efforts? Your rivals may even go as far as hiring former military intelligence analysts to secretly approach or interview your employees, tricking them into eliciting information without even knowing it.
Down and dirty competition is one thing. But there are even more intimidating foes living in the shallows that you need worry about. Don't count out these seven types of scoundrels, tyrants and miscreants as possible attackers:
Anyone who has worked for your firm or is currently working for your firm may be a suspect of trade secret theft. This includes temps, secretaries, janitorial staff, and even building maintenance personnel. Offenders do not have to have direct access to proprietary information to commit the crime. They might rummage through a desk that is not theirs or peak over the shoulder of a fellow employee. Or perhaps simply overhear confidential conversations. There are many motivations why a past or present employee would turn against your company. Revenge and money are the leading two.
Those who believe they have been done wrong may want to simply give away classified secrets to a competitor so as to bring the downfall of the former employer. Severed employees who do not care about revenge may merely take trade secrets to start their own company, thus unfairly creating a new competitor for you. Those still with your firm are also very much profit driven. Competitors may be paying your employee to be a double agent. Even scarier, it might be your employee approaching the competitor instead of the other way around. Another way employees can get their hands on big money is to steal trade secrets and blackmail company management with threats to sell them on an open black market.
Rogue contractors, suppliers and joint venture partners
Those who do business with your firm come a close second to employees as the greatest internal threat to trade secrets. Parties include lawyers, consultants, accountants, contractors, subcontractors, suppliers, deliverymen, and even joint venture partners. And if you are a tenant among many in a large office building, building security guards hired by the landlord can even offer vulnerability. Many of these trusted external partners are motivated in the same way as employees. But they are also bold and at times heartlessly indifferent. Some contractors think that simply because they do not work for your firm, there will be little evidence to lead back to them as the perpetrator.
The most dangerous part about external parties who are closest to you is that they do not even have to steal actual documentation to do damage. The knowledge in their heads is enough. By default, management consultants, accountants and lawyers must be thoroughly familiar with your business in order to effectively advise you. Who is to say that after the workday is over, they won't take that same information and turn it against you for their own self-promoting profit? Remember that even if you trust the contractor firm that works for you, the same faith cannot necessarily be placed with the individual employees who work there.
Impostor authority figures
Impostors are everywhere and rely on their charm and cunning to trick you into giving away your trade secrets instead of them having to steal information. Anyone can pose as a government inspector, a reporter, or even a computer repairman. Folks such as these gain your trust so that you willingly provide them access to secure areas of your facility or offer them access to documentation that you would normally not pass around openly. Con artists are pretty shrewd and more detail-oriented than you think. They can fabricate badges and job histories. Some might even steal the name of deceased or retired authority figures and assume their identity in order to win your trust. So, even with the most strict security procedures, a good number of criminals can fake their way around your system.
Scam artists pitching phony business opportunities
How many times have you heard the pitch "We can save you thousands of dollars!"? In all likelihood, if a deal looks too good to be true, it is. Most scams try to lure you in with phrases like, "send no money now" and "we just want to ask you a few questions." Bogus foreign requests for company information are typically disguised as marketing promotions or legitimate proposals for joint venture opportunities. Treat all salesmen and businesses that offer you incredible rewards for very little risk the same way you treat telemarketers at home. With skepticism!
How can you tell if a business proposal is a scam or the real deal? Your most obvious tip-off is anything that promises or guarantees you a million dollar payoff. Be wary of assurances that the deal is being offered exclusively for your company only. Other con artists may be tricky enough to say that they have already talked with someone else at your company who has referred them to speak with you. Here they are trying to suggest that there is a previous relationship with your firm on past deals or offers. Another key sign of fraud is if the solicitor is in a big hurry to get your company information or answers to their "survey for statistical purposes only." Also, distrust salespeople who mandate a visit to your company as a part of their due diligence. Overall, if the proposal's purpose is interesting but vague and unclear, this is something to avoid. The secret to fielding out scams is doing your homework. Ask lots of questions and research the proposal thoroughly before espousing any information about your company.
The client always comes first! The customer is always right! These may be the things they teach us in business school but not security school. It is indeed very possible to be giving your clients too much information in an effort to be extra accommodating to their needs and wants. Or perhaps the taking of proprietary secrets is less voluntary on your part. Say you step out of your office briefly during a consultation with a client who takes an opportunity to scan his or her eyes over your desk. Either one of these scenarios is not only possible but probable if your client has a less stellar character than you initially think. While clients might be motivated by money and the temptation to sell your secrets for selfish profit, their motivation might be a lot more basic: steal your consulting practices or research methods to train their in-house staff to do your advisory work and bypass the services that you offer in the future.
Every now and then, we hear about those rascally, teenage computer geeks who entertain their boredom by trying to hack into a company's server or take down its website. But another breed of hacker who isn't looking for adolescent amusement lurks in the dark. Malevolent hackers are computer whizzes who can effectively steal your electronic data and database information either onsite or remotely, with quick precision, and probably without you even knowing it. In fact, hackers can be so stealthy that they are able to enter your computer systems, scan through your data, download the portions they want and not even leave a trace that they were there.
Even with just a user name, password and a connection to the Internet, an information thief could turn them into mighty weapons of economic warfare against your company. The most concerning thing about malevolent hackers is not that they will steal your proprietary information to sell or use against you, although that should still remain high on your list. Rather, a threat of sabotage whereby your data could be damaged beyond retrieval would be even more devastating. Or perhaps consider a hacker materially changing small details in your recipes, formulas and blueprints. The changes may not be noticeable at first but you will definitely see the damage done when your final product comes out a disaster.
Remember, if you do not help yourself, no one else will. Prevention and risk assessment are your first lines of defense. Don't wait until crime strikes and then expect courts and the government to help bail you out. Dealing with the headache and expense of hiring lawyers to take on economic terrorists is not what you want to be suffering through. And even if you win your case, how confident are you that your company is out of the woods? Just because a judge requires an offender to return documents and admit to wrongdoing, your secrets are still in that person's head. And who is to say that five years from now when everything blows over, the perpetrator won't go back to his or her old ways? Think about it! There's nothing wrong in keeping secrets.
Jason B. Lee is chief investment officer of Lee & Co., an independent investment banking and private equity consulting firm based in Washington, DC. Lee specializes in two very unrelated areas of financial management: investment analysis and information security protection.