Overlooked Data Leaks

Your employees have many ways — both purposeful and inadvertent — to share proprietary information

Many trade shows provide networking opportunities where people can meet and perhaps extend their network of industry contacts. Many of these are informal activities where alcohol is served. Because the atmosphere does not feel like a work environment and inhibitions are lowered due to alcohol consumption, people are more likely to share confidential information. The phrase, “I shouldn’t be telling you this but…” is commonly overheard in these surroundings. Add a flirtatious member of the opposite sex and trade secrets will be shared frequently and willingly.

For some, the concept of people unwittingly or cavalierly sharing confidential information is absurd. But think about how people use cell phones. Nearly everyone has witnessed a person shouting confidential information into their cell phone while in a public space. I learned a lawyer’s strategy in a lawsuit by simply following him down the jetway onto a plane. He was completely unaware of his surroundings.

Corporate Espionage

For those that consider some of these data leaks unimportant or low-risk, keep in mind that there are groups of people who specialize in corporate espionage and competitive intelligence. They look for inadvertent leaks of confidential information. This can be a serious business pursuit. The Society of Competitive Intelligence Professionals was created for those whose main interest is competitive intelligence. This is not a group of spies wandering around in trench coats, these are people who are involved in “…the legal and ethical collection and analysis of information regarding the capabilities, vulnerabilities and intentions of business competitors.”

But there are those who take the concept of competitive intelligence and corporate espionage to the next level. These are individuals who will purchase and use covert listening devices and recorders as well as keystroke capture hardware and software. One only has to look at sites like Spy World (www.spyworld.com) and Spylife.com to see that affordable equipment is accessible to anyone who takes the time to look for it. I initially thought that these sites catered to those who were living on the fringes of society, and the equipment did not necessarily perform as promised. I had the opportunity to ask an FBI agent who was responsible for covert surveillance installations whether these consumer-grade products actually worked. He said they worked, but then he smiled and said, “Our stuff works better.”

Preventing data leaks requires multiple layers of protection. In addition to standard security tools and mechanisms, employees must be trained to create a culture of security, to recognize and embrace the value of protecting trade secrets. But even more importantly, an organization must aggressively pursue and reprimand — using legal recourse if necessary — to punish those that share company secrets.

John Mallery is a managing consultant for BKD, LLP, one of the ten largest accounting firms in the United States. He works in the Forensics and Dispute Consulting unit and specializes in computer forensics. He is also a co-author of “Hardening Network Security,” which was published by McGraw-Hill. He can be reached at jmallery@bkd.com.