In the constant war for information security between businesses and cybercriminals, we are so focused on the faceless, outside enemy that we often fail to recognize potential double agents within our own ranks. With so many resources devoted to preventing hackers and cybercriminals from getting past our external network defenses, it’s easy to neglect internally based intellectual property (IP) theft.
IP theft is staggeringly costly to the global economy: U.S. businesses alone are losing upwards of $250 billion every year. As it turns out, IP thieves are most often either current or former employees. We trust most of our employees to do the right thing, but the malicious actions of a single person can jeopardize the health of the business and jobs for everyone.
A research review (PDF) by Drs. Eric D. Shaw and Harley V. Stock sheds light on IP thieves and some of the common elements among these malicious insiders, such as the personality of the people involved. Certain people have personalities that predispose them to theft. When combined with stressors such as job- or family-related problems, they become more likely to cross the line from potential to action.
Guarding against IP Theft
In order to keep IP safe, it’s important to (1) recognize potential thieves, and (2) respond to the threat. The key is your awareness of risk factors from the very beginning. For example, pre-employment screenings are valuable for developing a personality profile of candidates. You can take advantage of interviews, personality tests, and an examination of the person’s online presence in social media. Taken together, these can provide important behavioral clues to keep in mind throughout the duration of an individual’s employment.
The next step is to provide training for employees. Most IP thieves had previously signed agreements regarding the confidentiality of IP. All employees should be regularly reminded of the policies that are in place, as well as the consequences of a violation, to keep them conscious of their actions.
Employees and managers should also be trained to recognize behavior in others that could be indicative of potential IP theft. Research indicates that at least one-third of IP theft incidents are preceded by clear indicators. This might include sudden changes in behavior or altercations with other coworkers. This vigilance on the part of the average employee is particularly important because in most cases it’s employees not involved in a technical role who discover the theft.
When it comes to responding to potential IP thieves, you should put together a specially designated team, formed from individuals across your organization. This team should involve representatives from legal, IT, HR and security departments, who will be empowered to gather the relevant information to take action when necessary. They should also pay careful attention to employees who are leaving the organization, as that is when most theft occurs.
You need to maintain vigilance among your own employees in addition to guarding against outside attacks on your information. Intellectual property is a valuable commodity, and you should be careful not to turn a blind eye to the possibility of inside incidents. Implement employee training to prevent and identify IP theft, and maintain a cross-functional team to mitigate situations that arise, in order to make sure you don’t have a traitor in your midst. In a world where intellectual property is stolen at an alarming rate, it’s important for organizations to take a closer look at the threats coming from inside their walls as well as out.
Read more about protecting your organization from malicious insiders here.Tags: data loss prevention, insider threat, IP protection, malicious insider