By Matt Yarbrough
You’ve finally done it. After years of working for somebody else, you’ve managed to hit on the Internet killer app that is going co be your ticket to the big show. Nor only that, but you’ve also just received $10 million in first-round funding. Everyone from Silicon Valley to Wall Street is abuzz about you. Suddenly, scandal! You have to fire the head of the product-development team, and there is a rumor that she took a number of business-process documents and plans for different types of media storage with her when you gave her the boot. A week later, she has set up shop across town and is somehow making the same software and hardware that you developed. Not only that, she’s poaching your employees. Worse, your IPO is six months away and the street is catching wind of these unfortunate developments.
This hypothetical scenario seems the stuff of corporate melodrama. Ir may be something that will never happen to your company-but don’t be too sure. This situation is similar to a case I handled when I was cybercrimes prosecutor with the U.S. Department of Justice. Known as Tejas, it is one of the largest cases of its kind on record.
In December 1999, I prosecuted three people and three companies under the Economic Espionage Act, which makes it illegal to steal trade secrets-confidential proprietary business information. The main culprit, Texan Jack Shearer, left his job at manufacturer Solar Turbines with more than a goodbye cake-the secrets he stole made him $7.5 million richer. Solar Turbines had spent 20 years and some $200 million developing its industrial gas turbines. After Shearer left Solar, he paid insiders to steal schematics and engineering blueprints. Armed with those, he hired outside manufacturers co build the machinery, which he then sold. He passed off the counterfeits as genuine Solar equipment and pocketed the proceeds. He also sold some of it to countries subject t0 trade embargoes such as Iran and Iraq.
The good news is Shearer was sentenced to 57 months in prison. The bad news is this story is likely to be repeated until companies do more to protect their business secrets against the Jack Shearers of the future. A recent PricewaterhouseCoopers survey of prominent attorneys found that 91 percent are either involved in or expect to be involved in intellectual property litigation in which economic damage claims exceed $100 million. While much of litigation is likely to pit company against company, a significant portion of litigation will no doubt stem from the actions of company insiders.
Crooks on your payroll
While the media tend to focus on outsiders as the culprits, it is nor teenage crackers such as MostHateD and Coolio who arc the most threatening New Economy crooks. The truth is, the person who is going to steal and disclose proprietary business information is most likely an employee. Insiders, unlike outsiders, already have access to the company crown jewels. While some degree of healthy paranoia is warranted the most important lesson to learn is that everyone in your company, from the CEO to the shipping clerk, should be schooled in the value of your company’s intellectual property. There are three principal steps a company should take, preferably with the help of someone such as an attorney with intellectual property expertise:
• Conduct an intellectual property audit, determining exactly what constitutes your intellectual property. Some things arc obvious, such as code or schematics. Other things, such as vendor lists, are not so obvious bur should also be considered proprietary.
• Create a structure to protect your property. If it’s on your intranet, make sure it’s not universally accessible. When Shearer began his scam, he called an old friend at Solar who primed our blueprints for him, even though that friend had no professional reason to have access to them. Solar also had no way of knowing who had printed the material and when it had happened.
• Prepare a response in the event that your intellectual property is stolen . Even the tightest security can have cracks in it, and not knowing what to do when you become a victim will only make matters
Training, training, training
Once you arc clear on what it is, you should make sure your employees are trained to properly handle your intellectual property. T hey should be told what can be shared outside the company and what must never be. Companies spend millions of dollars on sales training, bur never consider the necessity of in-house trade-secret training. Employees work every day with important business secrets such as customer lists, sales information, software alpha code, and schematics, but they often do not understand the effect this information has on the bottom line. The result can be loss of consumer confidence in buying your product over the Net, and damage to your reputation, your brand, and your stock value.
Of course, no amount of training can protect you from a rogue employee who wants to make a quick buck off of your ingenuity. Most executives, of course, feel comfortable with the people they have placed in sensitive positions, but the risk remains.
Security buttresses advantage
Many companies that spend billions of dollars s for physical security– for video cameras and for security guards who drive around in golf carts checking padlocks on warehouse doors–put little thought, effort, or resources into network security. It’s not the widgets in your warehouse that your competitors want, it’s your business secrets; intellectual property is what gives your company its value and competitive advantage.
Just to make it a little scarier, imagine that the information disclosed is not a blueprint or design, but personally identifiable customer information. In such a case, you not only risk economic devastation, but you also could be sued for Failure to protect your customers’ privacy.
Startups typically are the weakest when it comes to network security, which is something investors should keep in mind–venture capitalists will most certainly watch for it as they rein in their money-tossing strategy in favor of sober, more- reasoned investment strategies . Whatever the company, a little thought and prevention will go a long way to keeping you off the victim’s list .