This website requires certain cookies to work and uses other cookies to help you have the best experience. By visiting this website, certain cookies have already been set, which you may delete and block. By closing this message or continuing to use our site, you agree to the use of cookies. Visit our updated privacy and cookie policy to learn more.
This Website Uses Cookies
By closing this message or continuing to use our site, you agree to our cookie policy. Learn More
This website requires certain cookies to work and uses other cookies to help you have the best experience. By visiting this website, certain cookies have already been set, which you may delete and block. By closing this message or continuing to use our site, you agree to the use of cookies. Visit our updated privacy and cookie policy to learn more.
Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • Home
  • News
    • Security Newswire
    • Technologies
    • Security Blog
    • Newsletter
    • Web Exclusives
  • Columns
    • Career Intelligence
    • Security Talk
    • The Corner Office
    • Leadership & Management
    • Cyber Tactics
    • Overseas and Secure
    • The Risk Matrix
  • Management
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • More
  • Physical
    • Access Management
    • Video Surveillance
    • Identity Management
    • More
  • Cyber
  • Sectors
    • Education: University
    • Hospitals & Medical Centers
    • Critical Infrastructure
    • More
  • Exclusives
    • Security 500 Report
    • Most Influential People in Security
    • Top Guard and Security Officer Companies
    • The Security Leadership Issue
    • Annual Innovations, Technology, & Services Report
  • Events
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
    • Security 500 West
  • Resources
    • The Magazine
      • This Month's Issue
      • Digital Edition
      • Archives
      • Professional Security Canada
    • Videos
      • ISC West 2019
    • Photo Galleries
    • Polls
    • Classifieds & Job Listings
    • White Papers
    • Mobile App
    • Store
    • Sponsor Insights
    • Continuing Education
  • InfoCenters
    • Break-in Prevention
    • Building AppSec in Enterprises
    • Video Management Systems
  • Contact
    • Editorial Guidelines
  • Advertise
Home » The Top 5 Considerations of IP and Trade Secret Theft Investigations
Security Enterprise Services

The Top 5 Considerations of IP and Trade Secret Theft Investigations

Generic Image for Enterprise Services
December 13, 2011
Jim Scarazzo and Veeral Gosalia
KEYWORDS data / employee / security investigations / theft prevention
Reprints
No Comments

 

The biggest threat to a company's intellectual property doesn't come from the outside; it comes from within. According to a recent study, the U.S. Chamber of Commerce estimates that 75% of employees steal from the workplace.[i] Sometimes intellectual property is not properly accounted for, such as when a salesperson exits the company and corporate does not perform a proper exit interview and associated procedures, or when the salesperson neglects to erase sensitive client data from his or her personal computer after leaving the company. Other situations are conducted with malice, such as when an employee downloads proprietary materials from internal databases and transmits them to a competitor. Perhaps the most serious and potentially threatening scenario is when a team of employees collude to steal trade secrets as they depart the organization to form a competing business.

Regardless of whether the theft is a mistake or deliberate, when a theft occurs, a company needs to protect itself and its valuable information before significant damage is done. To do this requires a thorough investigation of the company's data systems and, if possible, the hardware devices used by the likely suspects. These are sophisticated forensic investigations, often well beyond the capability of a company’s information technology or security staff.  Companies should consider an independent forensic investigation team that is versed in proper evidence collection procedures such that the investigation and following litigation, if needed, will not be compromised by tainted evidence due to faulty collection practices.

The following are five of the top considerations companies should take into account prior to initiating an IP theft investigation.

1. Modern Technology Benefits the Thieves: As technology has changed, so too have the methods of IP theft. A while ago, a perpetrator would have to steal an entire notebook or even a file cabinet from an office or building unnoticed. Today, USB drives and smartphones are becoming physically smaller while storage capacity is increasing at an extraordinarily fast rate. Additionally, with so much information stored electronically and in cloud environments, transmitting sensitive data from one location to another has become incredibly easy. This means there is a myriad of devices and transfer protocols that investigators may need to search to compose a picture of how the incident of theft occurred.

2. Modern Technology Can Also Benefit the Investigators: Some of the same advances in technology that aid criminals can also aid investigators in their attempt to piece together the crime. For example, files stored locally, such as Word and Excel documents, contain important metadata fields that investigators can rely on to help identify what material may have been taken.   Also, while the Windows operating system doesn’t by default maintain a log of what files have been copied externally, computer forensic examiners can analyze certain operating system artifacts to understand the events that transpired leading up to the potential copying of data.  For example, by examining the Microsoft Windows Registry, investigators may be able to learn when a USB drive was connected to the PC and the USB drive’s serial number.

3. Preservation Is Key to a Defensible Investigation: If a company suspects that it is the victim of IP theft, preserving the integrity of the potentially compromised files should be a priority since it could impact the company’s options for future action. This requires the technical skills of a computer forensics expert. Improperly accessing the files can inadvertently alter the metadata or hamper the ability to recover deleted files and result in spoliation of evidence. It is critical that companies only employ a trained professional to access the data using trusted forensics technology. For example, the forensics expert will properly preserve the original device and create a “working” copy of the device for investigation purposes. Bottom line, the original device is preserved and is not altered.

4. Conducting an Investigation Should Be a Business Decision: Conducting a forensics investigation on every outgoing employee's computer devices may not be practical. Instead, companies should assess the context of an employee's departure to determine whether launching a forensics investigation is a sound decision. For example, if an employee has only been at a company for two weeks and has had low-level access to internal information, he is probably not a significant threat. Then again, with poor information security and the proliferation of devices to download data, think WikiLeaks, a lot of damage can be done in days or even hours.  Certainly, whenever a senior member leaves or if several employees all exit at the same time, the cost of a forensics expert may far outweigh the cost of uncertainty.

5. Rely on an Expert Data Forensics Specialist: Because of the complexities that surround handling electronic data, it is critical that companies invest in skilled data forensics specialists for IP theft investigations. As mentioned earlier, the data forensics expert can forensically image relevant computer devices and preserve the integrity of associated metadata. Additionally, a specialist will have a general understanding of business computer systems, how they might be used and where data lives, which results in an expedited investigation process. If questions arise about the company's IT network, data forensics experts are trained to effectively  communicate with counsel, preparing affidavits, experts reports, and testifying to help the company pursue injunctions and court orders to stop the thief from using and exploiting the company’s stolen intellectual property.

Subscribe to Security Magazine

FTI Consulting
FTI Consulting

Related Articles

5 Ways to Leverage the Benefits of IP Video at Retail

Cybersecurity: Vital to Legal and Technical Protection of Trade Secrets

You must login or register in order to post a comment.

Report Abusive Comment

Subscribe For Free!
  • Print & Digital Edition Subscriptions
  • Security eNewsletter & Other eNews Alerts
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Popular Stories

Dispelling the Dangerous Myth of Data Breach Fatigue; cyber security news

Major Retailer Macy's Is Hacked

server room, cybersecurity, penetration testing,

Explained: Firewalls, Vulnerability Scans and Penetration Tests

cyber network

How to Achieve Cybersecurity with Patience, Love and Bribery

ransomware-enews

British American Tobacco Suffers Data Breach and Ransomware Attack

cybersecurity-blog

European Hotel Group Suffers Data Breach Impacting 600,000 Hotels Worldwide

SEC2019_Everbridge_1119_360x184customcontent

Events

December 17, 2019

Conducting a Workplace Violence Threat Analysis and Developing a Response Plan

There are few situations a security professional will face that is more serious than a potential workplace violence threat. Every security professional knows and understands that all employers have a legal, ethical and moral duty to take reasonable steps to prevent and respond to threats of violence in their workplace.
January 23, 2020

The Value of a Unified Approach to Critical Event Management

From extreme weather to cyberattacks to workplace violence, every organization will experience at least one, if not multiple, critical events per year. And in today’s interconnected digital and physical world, the cascading safety, brand, and revenue impacts of critical events are more severe.
View All Submit An Event

Poll

Emergency Communications

What does your enterprise use to communicate emergencies to company employees?
View Results Poll Archive

Products

Effective Security Management, 6th Edition

Effective Security Management, 6th Edition

 Effective Security Management, 5e, teaches practicing security professionals how to build their careers by mastering the fundamentals of good management. Charles Sennewald brings a time-tested blend of common sense, wisdom, and humor to this bestselling introduction to workplace dynamics. 

See More Products
SEC500_250x180 clear

Security Magazine

SEC-December-2019-Cover_144px

2019 December

This month, Security magazine brings you the 2019 Guarding Report, featuring David Komendat, Boeing CSO, and many other public safety leaders to discuss threats and solutions for 2020 and security officer training. Also, we highlight Hector Rodriguez, Director of Public Safety and Security at Marymount California University, CCPA regulations, NIST standards, VMS and much more.

View More Create Account
  • More
    • Market Research
    • Custom Content & Marketing Services
    • Security Group
    • Editorial Guidelines
    • Privacy Policy
    • Survey And Sample
  • Want More
    • Subscribe
    • Connect
    • Partners

Copyright ©2019. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing