High-profile security breaches like the ones that targeted Sony, JP Morgan Chase and The Home Depot make major headlines and cause businesses to fear they’re going to lose all their trade secrets to a nefarious underworld of hackers.
And while such attacks target far more than company trade secrets (in particular, customer credit card numbers and other tools for ID theft), too many companies ignore a bigger potential threat: their own employees.
When it comes to trade secrets, the biggest threat isn’t North Korea, but employees who have access to your company’s confidential information. And they don’t even need to pull off an elaborate hack to do it. All they need to do is hold on to a confidential document or download it to their computer.
That’s why companies need to pay just as much attention to who has access to what information as they do to ensuring the company’s cybersecurity is up to snuff. Too many companies grant free (or liberal) access to information that should be kept under lock and key.
Often, the employee has no malicious motive. As someone who has represented executives, I can say that employees themselves do not always know how important it is to maintain confidentiality because they take their cues from their employer. And if their employer doesn’t have robust confidentiality policies in place and limit access to confidential information, how is an employee to know that she should carefully guard company secrets?
In essence, they didn’t know it was confidential because the company didn’t act like it was confidential.
There are plenty of people and institutions who covet your company’s trade secrets. And although some of those groups are now resorting to technology to get your trade secrets, plenty of them are still using the old-school method: offering a job to someone who has access to your confidential information. Sometimes they resort to another time-honored tradition: cash payments.
After all, why go digital if analog works just as well?
This is about more than just preventing trade secret theft. If your company is a victim, you have to show the court that you protected your secrets by, among other things, limiting access to them.
All this is not to say that we should be cavalier about the threat posed by hackers, both here and abroad. They pose significant risks that we should all be aware of and take steps to prevent.
But let’s not lose sight of the fact that, when it comes to trade secrets, Karen from Accounting can be just as big a threat as a hacker in North Korea.
Photo credit: Rob Pongsajapan