The theft of intellectual property and particularly of trade secrets has become an area of increasing concern among businesses in the past decade. In part, this appears to be due to the relative ease with which such information can be stolen over legitimate network access links.
A study by the Insider Threat Lab of the CERT Program at Carnegie-Mellon’s Software Engineering Institute analyzed 58 cases of insider theft of trade secrets in detail. Its findings are contained in a report available here as a free PDF file.
According to the study, the three main techniques used by insiders to remove trade secrets from a company are:
- email from work: 30 percent
- removable media: 30 percent
- remote network access: 28 percent
This means that 58% of all such incidents involve the use of network resources via email or direct remote network access. Only a relatively small percentage (30%) required physical access to the facility or the data source
Employment agreements should contain specific prohibitive clauses specifying limitations on the use of email and remote network access. In addition, your IT security teams should be identifying and implementing ways to protect trade secret information behind secondary password-protected firewalls or using other similar technologies to prevent the easy removal of such information electronically.