Changing attitudes is hard to do through security solutions alone. Experts like Stefan advocate employee training, but even with proper training in place and with employees having a clear definition of IP ownership, the problem is too big to leave to education alone.
Too often, Stefan says, organizations dont really know what an employees job entails. So they dont notice large files being emailed, and they arent concerned when the employee accesses information unrelated to the job at hand. In other words, organizational complacency is as much of a problem as employee attitudes.
Once you dig deeper into the theft, the act looks less vague, and the former employee wont be able to chalk it up to simply maintaining a relationship. If your former employee continuously contacts your customers close to the end of a contract, you should be suspicious.
Once you suspect IP theft, though, how do you counter it? Is suspicious selling behavior enough? How much evidence is needed to prove your case?
Five Steps to Counter IP Theft
1. Conduct regimented exit interviews. Do more than a verbal interview; also discuss the persons computer usage.
2. Have an anti-deletion policy and deploy anti-deletion software on network servers.
3. Run forensics and perform audits of email, web and computer usage.
4. Treat a trade secret like a trade secret. Put safeguards in place to protect critical information. For instance, dont make the mistake of giving every sales person access to the whole customer list. Instead, restrict access to their accounts.
5. Utilize appropriate surveillance, such as monitoring software that tracks employee access to sensitive databases and triggers an alarm for suspect behavior, such as when someone compresses a large file, copies many files, or disseminates critical information.
When an employee leaves, they usually know theyre going thirty-to-sixty days ahead of time, which is when most theft happens, Yonowitz said. The company wont know of the employees plans until well after the employee does, meaning preventing theft can be tricky.
Ideally, you want to head employee off at the pass and not involve customers, Yonowitz said. The problem is that most employers are not doing simple things like monitoring email usage. They are not training employees properly. They dont adequately explain what information belongs to company.
With the proper systems in place, inappropriate behavior will raise alarms well before the employer knows of the employees intention to leave. If this sounds like Big Brother flexing his muscles, its important to remember that surveillance and monitoring neednt be intrusive.
Simply saving emails can be crucial, but saving email doesnt mean you need to scrutinize every single one. You simply need to have access to them if a problem arises.
If you experience an incident, its important that your actions dont destroy the very information youre trying to protect, Stefan warned. If you find a smoking gun, make sure you take the steps so that it will be admissible in court, if it comes to that.
By logging onto a former employees computer, you are trampling on the crime scene. Better to just have policies in place to save things like email, browsing histories, and access to key databases and let a forensics expert take it from there.
Remember, computers house a ton of information, Stefan said. When an employee leaves, dont reformat hard drive and put it back in circulation. If its a contentious termination, take the drive out and buy a new one for that PC. A few dollars spent on a new hard drive could be the difference between winning and losing an IP theft case.