Recent surveys suggest than half of employees admit to stealing Intellectual Property (IP) from their company when they are fired. Their reasons appeared to range anywhere from wanting to make their former employer look bad out of vengeance to wanting to branch out on their own and start a competing business.
Regardless of the motivation behind the act, the statistics suggest that this type of behaviour is a strong trend and shows no sign of slowing down. With the prevalent use of technology in the workplace and ease of access to information, it is easy to understand why these figures are so accurate.
The good news is that there are many things that business decision makers, human resource (“HR”) and information technology (“IT”) departments can do to limit the frequency of these events at the hands of a departing employee.
First and foremost, when the employee resigns or is dismissed, the HR department must immediately contact the IT administrator and have them terminate the former employee’s user credentials to access their individual computer systems, including remote sign in, and any data stored on IT network servers. This prevents the employee from coming into the office later that night with a USB external flash drive or accessing computers from their home, and making off with any manner of documents.
Next, businesses may want to consider contacting a digital forensics firm to have the former employee’s workplace devices forensically imaged for future examination. (For more information click here.) There may have been emails sent, documents written, or other confidential material that may have been taken by the employee that the employer could be unaware of for days, weeks or months after the employee has left.
A digital forensics firm should be engaged to perform this task because they will have the specialized tools, training and forensic software to capture non-overwritten deleted data stored on devices. This tends to be the most important source of evidence in investigations of this nature and the IT department of the vast majority of businesses do not have this capability.
In many cases, it may be appropriate for a business to use software systems known as Data Loss Prevention (“DLP”). A DLP system sends an alert to IT saying that a particular file on the IT network is being accessed or copied by a particular user. While some of these alerts will invariably be false alarms, some will be real IP theft and the value in preventing such acts often far outweighs the inconvenience of responding to the occasional false positive notification.
Finally, an important variable in this equation that many companies overlook is the physical aspect of IP theft. HR professionals should ensure that personnel collects keys and/or change locks entirely. In the case of electronically coded access to doors, the former employee’s code ought to be immediately disabled along with any security alarm codes provided to or used by the former employee.
Where some form of exit interview is performed, HR should note what, if any, personal devices were used by the employee during the course of their employment as such devices may contain data or IP belonging to the business.
Businesses would be well server to never assume that data and IP is safe when an employee leaves. Once the data or IP is copied and removed from the business, it can be difficult to track down and, in some cases, nearly impossible to determine how many copies were made or uploaded to another device or cloud source.