Enacted in 1996, the Economic Espionage Act makes it a federal crime to steal information like company secrets, intellectual property and other data. It was a timely law, because by 2001 USA Today was reporting 387,000 company laptops had been lost or stolen the previous year. But even that’s a far cry from today, when a stolen laptop is the least of your worries.
Flash drives, smartphones, email, social media and the bring-your-own-device (BYOD) epidemic make losing or stealing company information extremely easy. On October 10, 2013, a dozen years after the first USA Today piece, the paper printed a story by Tom Kemp, writing for Cyber Truth, in which he reported 113 smartphones were lost or stolen every minute in the United States. Consumer Reports concurs with the volume, reporting 3.1 million smartphones stolen in 2013.
Hackers are a huge threat to business, disrupting networks and stealing all sorts of data. The media and IT companies concerned about security are honing in on that story, but just as threatening is the employee who — through negligence or ill-will — puts the crown jewels of the company out in the public eye, through a mobile device or online. According to a 2010 Gonzaga Law Review study of federal court cases, 85 percent of trade secret cases involved a former employee of the company as the person who stole or misappropriated the secrets. In many cases the former employee or business partner was moving to a competitor or starting his or her own company.
Counter Threats With Risk Assessments and Education
The easiest way to see if you’re at risk is to do a risk assessment. Then draft and implement the proper policies and train your employees not to leak data.
For a simple risk assessment, determine what information your company collects, processes and stores at allingress and egress points. Know where your sensitive data resides. You also need to know who has access to what information, and whether that person has a need-to-know. This includes external access as well. Do not overlook the levels of access and security you give your vendors and partners.
Your employee policies should outline the expectations of employees in protecting data, as well as any vendors who might have access to the crown jewels. Train your people to understand the threats at all points, whether they’re at work, on the go or at home. Your most precious data is now everywhere and most of us have lost control via mobile devices.
A good cyber security class will reveal how vulnerable we all are to hacking, intrusions, loss and theft of information. Once employees understand how loss of data can impact their personal and professional lives, most people become much more cautious about how they handle the data.
David Willson, owner of Titan Info Security Group, is also a contributing member of PSA Security Network.