Detecting Insider Threats to Trade Secrets

, Corporate Counsel

   |4 Comments

For companies to confront the issue of insider threats to trade secrets and other sensitive data, security experts say they have to focus on identifying at-risk behaviors among employees.

This article has been archived, and is no longer available on this website.

View this content exclusively through LexisNexis® Here

Not a LexisNexis® Subscriber?

Subscribe Now

Why am I seeing this?

LexisNexis® is now the exclusive third party online distributor of the broad collection of current and archived versions of ALM's legal news publications. LexisNexis® customers will be able to access and use ALM's content by subscribing to the LexisNexis® services via lexis.com® and Nexis®. This includes content from The National Law Journal®, The American Lawyer®, Law Technology News®, The New York Law Journal® and Corporate Counsel®, as well as ALM's other newspapers, directories, legal treatises, published and unpublished court opinions, and other sources of legal information.

ALM's content plays a significant role in your work and research, and now through this alliance LexisNexis® will bring you access to an even more comprehensive collection of legal content.

For questions call 1-877-256-2472 or contact us at customercare@alm.com

What's being said

  • Caroline Schroder

    Businesses all too often do not train their employees in the diverse nature of trade secrets; particularly when engaged in development of the trade secrets, employees often confuse their own rights, thinking that the trades secrets may be used on the side or may be taken with them when they leave. Some businesses change their rules repeatedly or let some employees use for themselves what others may not. Think of the confusion businesses create over customer lists.



    Meanwhile, "competitive intelligence", formerly called "industrial espionage", has gone far to legitimize trade secret theft, even as entire industry sectors have thrived for decades on complete lack of accountability for the security and performance of their support products. Leaders everywhere have reduced the economy and employment into machinery driven solely by numbers. The company that siphons other companies' secrets, including customers' secrets, cannot be surprised if the moral tone pervades internally.



    The grim truth is that insider employees need have no risk factors, (even valued, trusted, rewarded, and well paid employees), and many simply view misappropriation of trade secrets as a financial transaction: the employees have access to secrets for which someone else will pay and so the employees step up to the plate. They see no questions of morality, ethics, need, or retribution. The only question in such an employee's mind is the question widely endorsed globally: "What's in it for me?"

  • Caroline Schroder

    Businesses all too often do not train their employees in the diverse nature of trade secrets; particularly when engaged in development of the trade secrets, employees often confuse their own rights, thinking that the trades secrets may be used on the side or may be taken with them when they leave. Some businesses change their rules repeatedly or let some employees use for themselves what others may not. Think of the confusion businesses create over customer lists.



    Meanwhile, "competitive intelligence", formerly called "industrial espionage", has gone far to legitimize trade secret theft, even as entire industry sectors have thrived for decades on complete lack of accountability for the security and performance of their support products. Leaders everywhere have reduced the economy and employment into machinery driven solely by numbers. The company that siphons other companies' secrets, including customers' secrets, cannot be surprised if the moral tone pervades internally.



    The grim truth is that insider employees need have no risk factors, (even valued, trusted, rewarded, and well paid employees), and many simply view misappropriation of trade secrets as a financial transaction: the employees have access to secrets for which someone else will pay and so the employees step up to the plate. They see no questions of morality, ethics, need, or retribution. The only question in such an employee's mind is the question widely endorsed globally: "What's in it for me?"

  • Caroline Schroder

    Businesses all too often do not train their employees in the diverse nature of trade secrets; particularly when engaged in development of the trade secrets, employees often confuse their own rights, thinking that the trades secrets may be used on the side or to be taken with them when they leave. Some businesses change their rules repeatedly or let some employees use for thmselves what others may not. Think of the confusion businesses create over customer lists.



    Meanwhile, "competitive intelligence", formerly called "industrial espionage", has gone far to legitimize trade secret theft, even as entire industry sectors have thrived for decades on complete lack of accountability for the security and performance of their support products. Leaders everywhere have reduced the economy and employment into machinery driven solely by numbers. The company that siphons other companies' secrets, including custmers' secrets, cannot be surpised if the moral tone pervades internally.



    The grim truth is that insider employees need have no risk factors, (even valued, trusted, rewarded, and well paid employees), and many simply view misappropraition of trade secrets as a financial transaction: the employees have access to secrets for which someone else will pay and so the employees step up to the plate. They see no questions of morality,ethics, need, or retribution. The only question in such an employee's mind is the question widely endorsed globally: "What's in it for me?"

  • David Coughlin

    The timing is great for this article as secrets seem to be spilling out on a daily basis (today's news is the Stuxnet leak by a retired 4 star general). Ms. Dunn make a good point about how "clear policies can be a big help." However, the word "can" should be given a some attention.

    Many companies have policies, confidentiality agreements, encryption, and other measures aimed at protecting trade secrets. The problem comes in when there is not a top-down environment of knowledge, respect, and compliance to such policies. Far too often the measures that should be taken for trade secret protection take a back seat. The argument is typically that ?the company must create a balance of trust and goodwill with employees and contractors.? A balance is a good thing WITH appropriate risk management. Some examples include not making everything a ?secret? and creating levels of protection with lower and higher value information having the appropriate focus. (In other words, don't put a 10 cent lock on a $1M home and don't put your petty cash in Fort Knox.) Understand what ?balance? between trade secret protection and other company goals means and have a strategic and enterprise wide plan. Unfortunately, the ?balance? is often left to individual managers without providing clear direction.

    By far, the biggest obstacle to maintaining successful trade secret protection programs is the lack of senior management support. For years safety has been given due attention. It's not uncommon to see "Safety First" signs and charts showing how many days a company has gone without an accident. With successful safety programs, overall company support is clear. The same can and should be true for trade secret protection programs. Everyone must know about the program and understand without question the importance to which the company places on the program. This speaks directly to a key element in trade secret enforcement. It's an unfortunate but not uncommon occurrence in trade secret litigation for a manager to be asked about the company's trade secret policy and for that manager to respond that he/she knows nothing about any such program.

    Why are companies often resistant to use proper business practices in this area? Perhaps at one time the answer could have been a lack of understanding of trade secrets. Today, the real answer is a lack of respect for the damage that can be done by a breach and the over valuation of reactionary measures. Trade secret policies and their implementation clearly take a backseat to revenue. The key for in-house counsel is to thoroughly understand the business and be a part of the process. In this way, the corporate counsel will be able to effectively and efficiently apply the correct levels of trade secret protection. His/her recommendations will also be respected if they are coming with an enterprise wide perspective.

    While analyzing behavior threats and other investigative tools are helpful, without senior management support of an enterprise wide trade secret protection strategy, using such tools can be as useful as ordering a fire extinguisher only after smelling smoke and seeing flames.

Comments are not moderated. To report offensive comments, click here.

Preparing comment abuse report for Article# 1202608807075

Thank you!

This article's comments will be reviewed.