Subscribe to the InfoTech eNewsletter

infoTECH Feature

November 11, 2008

Corporate Data Leakage

Data leakage is the glamorous, high-priced term given to information stolen from organizations. This particular subject matter will deal with insiders that knowingly steal intellectual property from their employers and take it with them to another company. Intellectual property (IP) covers patent law, trademark, and copyright law. It deals with the ownership of ideas, but ideas that are fixed in a tangible medium (written, photographed, created, etc). The concept of Intellectual Property rights emerged as a public policy relative to business, social, economic, and political forces and formed by the advent of the printing press. Since then the amount and value of intellectual property has grown significantly.
Fact:      An estimated 80% of an organization’s value now rests in its information.
U.S. businesses are spending billions of dollars a year to develop new products and technologies that are being stolen by or sold to their competitors at little or no cost. With all that money being spent on prevention, it is surprising that intellectual property theft from U.S. companies is occurring at a rate of over $250 billion and over 750,000 jobs annually. This problem has become such a significant problem, the federal government stood up the National Intellectual Property Rights Coordination Center earlier this year. The new center was designed to address this growing problem that has expanded from being a purely economic issue to one of national security. 
China is widely considered to be the most problematic country in regard to intellectual property theft. Last year, Chi Mak, a naturalized American citizen of Chinese descent, was convicted of selling sensitive defense technology to China. This came after his brother and sister-in-law were caught by FBI agents trying to board a plane to China with three encrypted CDs containing the stolen intellectual property.
Case:     In November of 2008, a former Intel Corp. design engineer has been indicted by a federal grand jury in Boston for allegedly stealing trade secrets from the chip maker while secretly working for rival Advanced Micro Devices Inc.
Recently, I attended a meeting where a group of individuals presented their ideas for a collaborative service offering with one of my clients. In that meeting and during a PowerPoint presentation, no less than three times the presenter stated the service offering was based on IP developed while he and his “team” were working at their former employer. There were more than a half dozen employees (his team) that left together to create this service offering. As I sat there and listened, I became more and more uncomfortable and, on the taxi ride to the airport, his words created a dull pain in the back of my brain. Upon my return to our offices, I called our security team together and disclosed what had been said. We drafted an email to our client informing them of this serious issue. The client understood and sent an email to the “team” expressing concern over the comments. Of course, they stumbled around and tried to retract their assertions. Anytime a group of individuals leaves an organization on its own in a narrow time frame, especially in these economic times, it should at least raise eyebrows.
Fact:      International Chamber of Commerce puts the global fiscal loss at more than $600 billion a year.
Organizations need to be proactive and on guard against the theft of intellectual property. Here are the first five things you should do to protect your organization’s intellectual property.
  1. Form an IP protection committee that includes technical, legal, HR, and outside security experts.
  2. Conduct an audit and risk assessment as it relates to intellectual property security.
  3. Develop clear and effective policies and procedures that deal with intellectual property protection.
  4. Implement human, physical, technological, and legal measures to protect your intellectual property as well as detect theft.
  5. Make sure all employees sign intellectual property ownership contracts and implement full employment prescreening and exit screening that includes their acknowledgement of the IP ownership obligation.
High Value Corporate Intellectual Property Includes:
    • Customer Lists
    • Employee Directories
    • Process Descriptions
    • Design Documents
    • Strategic Plans
    • Sales Plans
    • R&D Project Lists
    • Price Lists
    • Formulas
    • Merger and Acquisition Plans
Data security professionals need to act now to protect the intellectual property of their organizations. Failure to do so can have catastrophic consequences. Who knows, maybe one of the 700,000 jobs lost due to IP theft will be yours!

Kevin G. Coleman, a consultant and advisor with Technolytics Institute, writes the Data Security column for TMCnet. To read more of Kevin�s articles, please visit his columnist page.

Edited by Erik Linask

Subscribe to InfoTECH Spotlight eNews

InfoTECH Spotlight eNews delivers the latest news impacting technology in the IT industry each week. Sign up to receive FREE breaking news today!
FREE eNewsletter

infoTECH Whitepapers