The confidential information and trade secrets of U.S. corporations will be stolen, the only questions are when, and how much damage will the theft cause? Indeed, Congress has heard this year from a slew of witnesses who have testified about the threat posed by foreign hackers who penetrate U.S. companies’ computers and steal valuable data and intellectual property. FBI Director Robert Mueller testified that hacking could soon replace terrorism as the FBI’s primary concern. Gen. Keith Alexander, head of the military’s Cyber Command, characterized the losses caused by cybertheft as the “greatest transfer of wealth in history.”
At the same time, however, employees and other insiders, who by virtue of their position have access to companies’ confidential information, remain the greatest threat to the security of the intellectual property. According to a study I conducted of the 120 prosecutions the government has brought for theft of trade secrets, in more than 90 percent of the prosecutions, the defendant was an “insider” and had access to the trade secrets because he or she either was an employee of the victim, or worked for a vendor or contractor of the victim.
Companies should also be aware that defendants almost always misappropriate the trade secrets shortly before resigning from the victim company. In addition, most information is obtained by downloading from the companies’ computer system.
The threats to confidential data are even greater for companies that operate overseas, especially in countries that don’t enforce the protection of intellectual property rights to the same extent as the United States. It is critical, therefore, that U.S. companies operating worldwide adopt a set of best practices for protecting intellectual property that not only applies to their U.S. employees, but to their foreign offices as well.
There are a number of best practices that a company, whether operating domestically or internationally should adopt:
It is especially important that U.S. companies operating internationally understand that regardless of the steps undertaken to protect their confidential information, the protection is only as strong as the weakest link; companies must continuously evaluate the situation and implement new protections as the situation warrants. At a minimum, companies, regardless of where they do business, should implement the following additional measures:
Even with best practices for protecting intellectual property, companies are still vulnerable to having their confidential information and trade secrets misappropriated. Accordingly, it is crucial that companies not only continuously re-evaluate their practices, but also consult with security and legal experts in each country that they do business to make sure it’s not running afoul of any laws and is protecting its valuable information in a manner that preserves all available legal protections. The review should emphasize internal threats and the danger of foreign economic espionage, especially to high-tech companies.
About the author:
Peter J. Toren is a partner with Weisbrod, Matteis & Copley in Washington, D.C. He was also federal prosecutor with the Computer Crime & Intellectual Property Section of the Justice Department and is the author of Intellectual Property & Computer Crimes. Send comments on this column to [email protected].
01 Nov 2012