We’ve all heard stories about employees stealing products, supplies and even money from their employers. But one of the biggest issues facing today’s employer is the theft of what is sometimes considered soft assets – the client list, trade secrets, intellectual property or proprietary data. We briefly went over this topic in another article you may want to check out.
In fact, a recent story showed that a DuPont consultant was able to steal more than $400 million dollar’s worth of trade secrets and sold these to a Chinese business for $28 million. He was caught, arrested, tried and convicted. However, his case serves as a warning of how easy it can be for someone to abscond with a company’s secrets.
In order to protect your trade secrets, it’s important to take the following precautions.
- The first thing you need to do is to identify the different levels of data within your company. Some data may be considered public knowledge, where others should be classified solely as need-to-know by a very limited number.
- Once you’ve identified the types of data that exists in your company, you must create your inventory list. Data that is in any way sensitive should be recorded as to where the data exists, who has access to the data and how the data should be used.
- It’s always very important to track access to your data. If the data is extremely sensitive, it might be placed on a very secure server that only certain people have access to or perhaps it’s uploaded to special software that tracks login and retrieval attempts. This becomes more important when someone with access to trade secrets leaves the company. You want to double-check he doesn’t take something with him he shouldn’t.
- As always, policies and procedures related to data security and the proper handling of data must be developed. Certainly, employees need to be given free access to data that is required for them to do their job, but there should also be an emphasis on data security and ownership of company data. It’s very important that what might constitute illegal and unethical activities are pretty clearly defined and leave no doubt in the employee’s mind.
- Even if the data is placed on a secure server, you should always look for gaps in physical security that might allow someone unauthorized access. This may mean the person who scans in a document should always properly secure the hard copy or it may mean the technicians who work on the server must use physical badges or unique logins when doing their job.
- Annual or semi-annual training is also imperative. Employees are often bombarded with way too much information, so a good follow-up every six months or so as a reminder can help them be more diligent at all times.