Handling Employees To Prevent Corporate Espionage
By Victor Joel Harvey
Companies today must remain vigilant in order to prevent their trade secrets and other confidential information from being compromised by both outside sources and by sources inside the organization. Increasingly common, employees often intentionally or unintentionally “leak” confidential information stored on company computers, laptops, or networks. The following is a listing of measures that should be taken by companies in an effort to prevent breaches of data made by employees:
- Education of employees regarding their responsibility to keep non-public company information confidential is essential.
- Monitoring of all electronic devices used to access information, including company computers, cell phones, and other devices.
- Restricting or not allowing the use of non-company devices on company computers and networks, such as CD/DVD writers, USB flash drives, and other recordable media.
- Employees with access to confidential data should be made to sign a non-disclosure and non-compete agreement in order to give the company additional legal recourse in the event that an employee improperly discloses confidential information or customer data.
- At the initial employment stage, potential employees should have background checks or security clearances performed. In addition, a thorough history of employment and references should be obtained.
- Monitoring of employee postings to blogs, social media, chat sites, and discussion boards–especially those that are outside of the company intranet.
- If possible, restrict employees to use of only the company intranet. If not a possibility, restrict access to only websites or areas of the Internet needed to perform their job.
- Teach employees to be vigilant of suspicious activities, including emails from unknown sources and potentially dangerous email attachments.
- Require employees to change passwords frequently. Require that passwords be comprised of a minimum of 8 characters consisting of upper and lower case letters, numbers, and special characters.
- Create an anonymous tip line where employees can report suspicious activities of others believed to be involved in corporate espionage.
- Provide information to employees on an as-needed basis only. Employees should have access to only the information needed to do their job.
- Employers should consider installing surveillance cameras and audio recording equipment, if allowed by law, to deter potential information gathering and distribution of confidential company information. It is important that this surveillance also be monitored closely.
- Companies should conduct internal investigations and follow up on reports of corporate espionage, including a method of reporting incidents to law enforcement (if needed).
- Employees should be swiftly disciplined (which may include termination) for failure to follow company policies regarding the handling of confidential information.
- Confidential designations and markings should be kept on all confidential information.
- Special care should be taken to closely monitor the electronic equipment and behaviors of employees who will soon be leaving employment with the company, as espionage is statistically more likely at that time.
This list, although not exhaustive, should certainly provide some security policies and procedure ideas designed to protect a company against corporate espionage. Remember…prevention is the key when it comes to protecting confidential data.