Security Magazine logo
  • Sign In
  • Create Account
  • Sign Out
  • My Account
  • NEWS
  • MANAGEMENT
  • PHYSICAL
  • CYBER
  • BLOG
  • COLUMNS
  • EXCLUSIVES
  • SECTORS
  • EVENTS
  • MEDIA
  • MORE
  • EMAG
  • SIGN UP!
cart
facebook twitter linkedin youtube
  • NEWS
  • Security Newswire
  • Technologies & Solutions
  • MANAGEMENT
  • Leadership Management
  • Enterprise Services
  • Security Education & Training
  • Logical Security
  • Security & Business Resilience
  • Profiles in Excellence
  • PHYSICAL
  • Access Management
  • Fire & Life Safety
  • Identity Management
  • Physical Security
  • Video Surveillance
  • Case Studies (Physical)
  • CYBER
  • Cybersecurity News
  • More
  • COLUMNS
  • Cyber Tactics
  • Leadership & Management
  • Security Talk
  • Career Intelligence
  • Leader to Leader
  • Cybersecurity Education & Training
  • EXCLUSIVES
  • Annual Guarding Report
  • Most Influential People in Security
  • The Security Benchmark Report
  • Top Guard and Security Officer Companies
  • Top Cybersecurity Leaders
  • Women in Security
  • SECTORS
  • Arenas / Stadiums / Leagues / Entertainment
  • Banking/Finance/Insurance
  • Construction, Real Estate, Property Management
  • Education: K-12
  • Education: University
  • Government: Federal, State and Local
  • Hospitality & Casinos
  • Hospitals & Medical Centers
  • Infrastructure:Electric,Gas & Water
  • Ports: Sea, Land, & Air
  • Retail/Restaurants/Convenience
  • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
  • Industry Events
  • Webinars
  • Solutions by Sector
  • Security 500 Conference
  • MEDIA
  • Videos
  • Podcasts
  • Polls
  • Photo Galleries
  • Videos
  • Cybersecurity & Geopolitical Discussion
  • Ask Me Anything (AMA) Series
  • MORE
  • Call for Entries
  • Classifieds & Job Listings
  • Continuing Education
  • Newsletter
  • Sponsor Insights
  • Store
  • White Papers
  • EMAG
  • eMagazine
  • This Month's Content
  • Advertise
Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementSecurity Enterprise ServicesSecurity Leadership and ManagementLogical SecuritySecurity & Business ResilienceSecurity Education & TrainingCybersecurity News

The new face of corporate espionage and what can be done about it

By Evan Gibbs
corporate-freepik1170x658v503646.jpg

Image by ilixe48 via Freepik

August 1, 2022

When I tell people that my law practice is heavily focused on corporate espionage litigation and investigations, the typical response is, “Oh, that sounds really cool.” The word espionage brings to mind secret agents stealing classified information from tightly-guarded buildings, barely escaping with huge explosions in the background. 


And sure, that’s one type of espionage. But there’s another, much more common type happening at nearly every company in the world. 


Modern-day corporate espionage is the infiltration or exfiltration of data, documents, and information belonging to one company, individual, or state actor for use by another company, individual, or state actor. 


The materials we’re talking about can be secret-sauce-type information. But more often, it’s mundane things like financial data or modeling, operational documents, software coding and algorithms, customer information, and other confidential materials. These materials are sometimes trade secrets, but not always. 


Corporate espionage can happen via external means — i.e., people outside the organization trying to get insider information using methods such as hacking or phishing. Because of the prevalence and severity of these external threats, many companies’ digital security personnel overlook internal threats.


Internal threats typically involve individual employees or contractors (and often groups of employees or contractors) who are freely given access to sensitive and confidential corporate materials for the performance of their work for the company. 


These individuals then download those materials to a personally-owned external drive, usually an external hard drive. People also send company materials to their personal e-mail accounts and upload company data to personal accounts on cloud-based storage platforms. Individuals may even print sensitive corporate materials to avoid a digital footprint. There may not be any ill intent involved or this activity might occur only in the final weeks or days of someone’s affiliation with a company. 


In either case, these individuals then go to work for another company that could be a competitor, and the materials are used on behalf of the new organization. Quite often, sensitive data and confidential documents are distributed to other individuals at the new company. This process occurs far more frequently than most people realize. 


How important are internal threats? 

In recent years, anecdotal data and national litigation activity reporting indicate a sharp increase in data infiltration and exfiltration by employees and other individuals with internal access to confidential company materials. This is especially true beginning with the onset of the pandemic due to the shift to work-from-home arrangements. In fact, more than 1,300 trade secret claims were brought nationally in 2020. Hundreds of millions of dollars were awarded as damages in 2020 alone. 


Unlawful data infiltration and exfiltration have heavy financial impacts on companies whose data is stolen. The damage may not always be readily apparent or immediate, but loss of important confidential materials can erode competitiveness and ultimately impact market share — especially when the materials go to a direct competitor, which is often the case. 


There can also be enormous financial implications for companies receiving (whether knowingly or not) materials from another company. Lawsuits seeking double damages and attorneys’ fees are common. Companies can face reputational harm if they are perceived as engaging in such conduct. Defending these lawsuits is very expensive, with the bulk of the costs being expended upfront during the preliminary injunction phase. 


Given the increase in internal data infiltration and exfiltration and the value of such claims, companies need to take appropriate steps to protect their own confidential materials. And in today’s highly competitive and litigious climate, it is equally important that companies take reasonable measures to prevent individuals from infiltrating their systems with data, documents and information from competitors and others. 


Below are three key steps companies should take to prevent both exfiltration and infiltration of confidential company materials. 


Step 1: Digital Sandboxing 

Exiting employees will sometimes download company materials en masse on their way out the door. This often includes materials they did not even use as part of their work for the company. A salesperson might download operational documents; a financial analyst might download customer lists. This is often a function of grabbing entire files and folders from a server and copying them to an external hard drive. 


Companies should strongly consider limiting employee and contractor access to only data and materials needed for that person’s work on the company’s behalf. If there’s no business reason for a salesperson to have access to HR files, then access should be restricted accordingly. Doing this limits the scope of company data available for theft and retention by departing individuals. 


It’s also a good idea for companies to consider blocking USB port access on company-owned computers where possible. One of the most common means of exfiltrating and infiltrating data is via external hard drives, so if USB port access is shut off, the methods by which someone can download or upload data is much more restricted. 


Of course, people can still send materials via e-mail to get around a USB port block; however, based on file size restrictions common to most e-mail systems, the amount of data that can be infiltrated or exfiltrated via e-mail is quite limited as compared to an external hard drive.


Step 2: Policies and On/Offboarding 

Let’s face it: Employees and contractors don’t read employee handbooks. Most handbooks are 50+ pages long and only reviewed when there are questions about leave. 


Because of this, if a company is serious about putting its employees and contractors on notice that the company takes exfiltration and infiltration of data seriously, there needs to be a standalone document on this issue. Burying the policy in the handbook nearly guarantees it will never be seen.


Instead, companies should give employees and contractors a copy of this policy during the onboarding phase. The policy should be short (one or two paragraphs), be in a large and clear font, written in simple English (not legalese), and generally stand out from the other standard onboarding documents. It needs to unquestionably put people on notice of what is prohibited and require the individual to sign the document, agreeing to abide by its terms. 


Companies should also consider including a sentence or two about this in employment offer letters as another means of calling out this issue. Most people read their offer letters carefully, so including some of this information there can further impress upon individuals the importance of this issue. 


Departing employees or contractors should get another short document outlining in simple terms what they are prohibited from taking with them and that they could be subject to litigation if they violate those requirements. They should again be required to sign the document, promising not to violate its terms. If exit interviews are done, this issue should be discussed then. 


The best way to identify data exfiltration is by forensically reviewing the company-owned accounts and devices belonging to employees and/or contractors — especially those in key organizational positions and those with access to critical company materials. Such forensic analyses must be done close in time to the individual’s departure to ensure against a loss of reliable forensic data. 


Additionally, these investigations should be conducted by professionals trained in this area. If exfiltration is found or suspected, a thorough investigation should be conducted to assess the best next steps. 


Step 3: Buy-in and Training 

Another key to preventing infiltration and exfiltration of data and sensitive material is management buy-in. It is imperative that leaders know what activities are prohibited and actively enforce the company’s policy on these issues. 


It’s very common for people to bring materials from another company as a “shortcut” to avoid having to create things from scratch — simply as a matter of convenience. Other times, materials are brought from another company because the data or documents can help give the new company a real or perceived advantage. 


If managerial employees know both what to look for and what to do when they see this type of conduct taking place, it’s much more likely that appropriate steps will be taken. This requires specific training for management-level employees on these issues because these problems are often overlooked and misunderstood. 


Corporate espionage is far more common than most people realize and is a very real and present threat to company confidential data and materials. Taking the steps outlined above will help organizations reduce the risks flowing from corporate espionage activity.  

KEYWORDS: C-Suite Buy-in corporate espionage cyber security data protection risk management

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Evangibbs troutmanpepper

As a partner at Troutman Pepper, Evan Gibbs takes a practical, results-oriented approach with clients to deal with their most critical corporate espionage matters. Gibbs leverages his deep experience with digital forensics and his team of technical experts to ensure his clients’ matters are handled using cutting-edge forensic technology available.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Top Cybersecurity Leaders
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Columns
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Cybersecurity Education & Training
    By: Charles Denyer
close

1 COMPLIMENTARY ARTICLE(S) LEFT

Loader

Already Registered? Sign in now.

Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

Security’s Top 5 – 2024 Year in Review

Security’s Top 5 – 2024 Year in Review

The Money Laundering Machine: Inside the global crime epidemic - Episode 24

The Money Laundering Machine: Inside the global crime epidemic - Episode 24

Middle East Escalation, Humanitarian Law and Disinformation – Episode 25

Middle East Escalation, Humanitarian Law and Disinformation – Episode 25

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Sureview screen
    Sponsored bySureView Systems

    The Evolution of Automation in the Command Center

  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

Popular Stories

Rendered computer with keyboard

16B Login Credentials Exposed in World’s Largest Data Breach

Verizon on phone screen

61M Records Listed for Sale Online, Allegedly Belong to Verizon

Security’s 2025 Women in Security

Security’s 2025 Women in Security

blurry multicolored text on black screen

PowerSchool Education Technology Company Announces Data Breach

Half closed laptop

Sudo Vulnerability Discovered, May Exposes Linux Systems

Events

August 7, 2025

Threats to the Energy Sector: Implications for Corporate and National Security

The energy sector has found itself in the crosshairs of virtually every bad actor on the global stage.

August 27, 2025

Risk Mitigation as a Competitive Edge

In today’s volatile environment, a robust risk management strategy isn’t just a requirement—it’s a foundation for organizational resilience. From cyber threats to climate disruptions, the ability to anticipate, withstand, and adapt to disruption is becoming a hallmark of industry leaders.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • Beyond Passwords: How Security Can Improve Identity in 2018 - Security Magazine

    The perils of lax security hygiene and what organizations can do about it

    See More
  • financial-freepik

    Why the threat of wire fraud is particularly high for private capital markets – and what’s being done to address it

    See More
  • Security Blog

    The Fake ID Epidemic: What can be Done?

    See More

Related Products

See More Products
  • databasehacker

    The Database Hacker's Handboo

  • Risk-Analysis.gif

    Risk Analysis and the Security Survey, 4th Edition

  • 9780367030407.jpg

    National Security, Personal Privacy and the Law

See More Products
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing

Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!