9.Consistently and aggressively go after employees who violate non-compete agreements in jurisdictions where they are enforceable. Encourage your organizationâ€™s legal team to learn about the civil remedies associated with the Computer Fraud and Abuse Act (CFAA). While this is a criminal statute, it has been effectively applied to theft of trade secrets cases. It has a very low threshold of $5,000 which may be easily reached during an investigation into the loss of trade secrets. See Nick Ackermanâ€™s excellent article, â€œTrade Secrets: CFAAâ€™s $5,000 Thresholdâ€ (www.dorsey.com/news/).
Strong Policy Is the Foundation All the measures outlined above should be added to standard IT security policies and procedures such as
â€¢ an acceptable use policy for corporate computer systems. Have employees sign it and put it in their personnel folder.
â€¢ secure passwords that are changed periodically. â€¢ anti-virus programs that are kept up to date.
â€¢ forensically wiping the hard drives of discarded computers.
â€¢ updating all operating systems and applications.
â€¢ intrusion prevention/intrusion detection systems. Ensure they are monitored frequently by a qualified individual.
â€¢ periodic assessments of your network security. These should include a combination of third-party vulnerability assessments and the judicious use of tools such as the Microsoft Baseline Security Analyzer and the benchmark and scoring tools available from the Center for Internet Security (www.cisecurity.com).
Listing these fundamental IT security principles seems a little silly, but I have been involved in the IT security industry for 10 years, and I still see organizations that overlook one or more of these steps. By combining a sound IT security program with the internal controls mentioned in this article, organizations can maintain control over their proprietary information and trade secrets.
John Mallery is a managing consultant for BKD, LLP, one of the 10 largest accounting firms in the United States. He works in the Forensics and Dispute Consulting unit and specializes in computer forensics. He is also a co-author of Hardening Network Security, which was recently published by McGraw-Hill. Mr. Mallery can be reached at firstname.lastname@example.org