#Article

Investigating Suspected Corporate Espionage


Investigating Suspected Corporate Espionage

Theft of trade secrets or intellectual property can be just as devastating to a company as theft of company assets.

Corporate espionage may sound like something out of a spy movie, but in reality it is simply the theft of trade secrets or intellectual property. Often this is accomplished through illegal and unethical ways of obtaining this information.

Since many of these crimes go unreported, it can be a challenge to investigate and often companies choose not to follow up, even though they are victims. The best defense against corporate espionage is good planning and systems of prevention.

Why Companies Don't Prosecute

Corporate espionage often involves insiders and is extremely hard to prove. In fact, many companies don’t prosecute.

Reasons for this include:

  • differing laws in each country and foreign governments making it difficult to hold anyone responsible
  • fear of reputation damage or damage to the company’s financial status if it becomes public knowledge that they were victimized

It is widely known that a company is responsible for the security of its customers' data, so a leak or a theft of that information can lead to legal issues and fines, and severe reputation and PR issues.

Don't be a victim. Download the Data Theft Prevention Checklist.

Types of Corporate Espionage

There are many types of corporate espionage and it is important to know and understand all of them. Some simple examples include:

  • a disgruntled employee giving away or even selling trade secrets
  • sensitive information being overheard at a convention or trade show
  • an employee leaving to work for a competitor and bringing information with them
  • cyber spying

The techniques used can also mimic the same ones used in other forms of spying…subtle and covert.

Related: Top 20 Tips for Preventing Data Theft

The most common types of corporate espionage include:

  • Obtaining trade secrets or protected information about existing products or products in development. This is especially common when manufacturing products in foreign countries.
  • Stealing your client information in order to damage your company’s reputation.
  • Obtaining your financial information to use it against you with competitors, to steal employees, etc.
  • Stealing your marketing plans which may give your competitor a leg up in their own marketing efforts.
  • Trespassing onto your property or accessing your files without permission.
  • Posing as your employee in order to learn your company trade secrets or other confidential information.
  • Wiretapping or hacking into your computers or even infecting your computers or website with malware.

One of the challenges in uncovering corporate espionage is that many methods of obtaining information are perfectly legal and are accepted business practices. For example, hiring a secret shopper is legal. Overhearing trade secrets at a trade show is legal. And while they are certainly deceptive means of gaining information, they are not actionable.

Too late? Mitigate the damage with this cheat sheet: 7 Steps to Address a Data Breach.

Preventing Corporate Espionage

The best means of preventing corporate espionage is to take preventative steps including:

  • Protect your information! Determine what is classified or sensitive and protect it. Don’t forget the things that may not seem important to protect, such as new products in research and development, new marketing strategies, personnel files, customer information and any other information you would not want a competitor to have access to.
  • Conduct a risk assessment to identify vulnerabilities both physically and technologically to determine and prevent anyone from obtaining sensitive information. Don’t forget hidden areas that may leave you vulnerable like office cleaning companies, repair companies, etc. that may have access to paper that has been thrown away or to your computers at night with no one watching them, the ability to take photos of work samples, etc.
  • Have a security policy in place. Establish safeguards and use them! Update your security on a regular basis both procedurally and technologically.
  • Once you have determined methods for safeguarding your data, train managers, employees and anyone else on what needs to be protected and on all proper safeguarding techniques. Be sure to include reporting procedures in the event of a security breaches or an attempt to obtain sensitive information.

If you find your company is a victim of corporate espionage and want to investigate it, you may want to bring in an outside firm to assist. Everything from employee access points and physical buildings to IT systems and networks will need to be investigated thoroughly.