|
The
Business Journal of Jacksonville
January
24, 2000
SPYING
TROUBLE:
Stolen secrets can shred a company's finances
Sometimes
bad things happen to good companies. An employee who has access
to privileged information spitefully gives it to the competition.
Someone hacks into a computer system and obtains confidential
information. Internal documents are "leaked" to the
outside world.
Corporate
espionage is a constant -- and substantial -- threat to many businesses.
A
1999 study, for example, showed American companies suffered $42
million in financial losses from computer crimes. That figure
more than doubled from the $20 million reported in 1997.
Companies
also could be hit with damaging lawsuits if sensitive papers get
into the wrong hands. They could be sued for breach of confidentiality
if personnel records, financial bidding documents, profit-and-loss
statements and similar documents are stolen or leaked.
"There's
a range of information that a business needs to consider to protect,"
said Jim VanLandingham, president of Shred-It First Coast of Jacksonville.
VanLandingham,
security consultants and other experts recommend a number of steps
businesses should take to detect and prevent the escape of confidential
information.
Keeping
a secret
Businesses
need to establish a written policy defining what documents are
confidential, VanLandingham said.
"If
they don't have a definite policy, they're not showing an effort
to protect the information," he said.
Once
the confidentiality determination is made, the business must implement
procedures to be sure the confidentiality policy is followed.
Companies
also have to develop a system for disposing of confidential documents
at the appropriate time.
VanLandingham
suggests one central point in the office where documents are placed
for shredding.
Some
companies transport their documents off-site for shredding or
recycling, but that approach could be trouble if there's a bump
in the road.
For
example, a decade ago in Minneapolis, a recycling truck overturned
on I-94 spilling documents all over the roadway. As the story
goes, a document from the overturned truck made its way to the
hands of a reporter.
The
information, which later became the focus of a newspaper story,
concerned deposits made by a large bank investor. After seeing
the article, the bank investor threatened to file a lawsuit.
When
sending documents off-site for shredding, businesses also need
to make sure the company doing the work is safeguarding the confidentiality,
VanLandingham said.
He
believes on-site shredding -- with better opportunity for oversight
-- offers the best safeguard against what he calls "document
accidents."
Fighting
hack attacks
The
growth of the Internet and the World Wide Web are creating new
opportunities not just for legitimate businesses but for criminals
as well.
"Computer
crimes have been going on for years," said Michael G. Kessler,
president of Michael G. Kessler and Associates of New York City,
which conducted the 1999 study of losses from computer crimes.
"The Internet makes it more readily available."
The
study by Kessler's firm showed that 35 percent of the theft of
proprietary business information comes from disgruntled employees.
"The
types of crimes vary," Kessler said. "It could be anything
confidential that could be leaked out or simply proprietary information
that has been stolen."
Kessler's
firm also investigates computer crimes for businesses that suspect
a hacking incident has occurred with their computer network.
Various
types of software enable companies with computer networks to track
employee computer activity, especially if officials believe something
suspicious is taking place.
One
example is the NetBus Pro software produced by Jacksonville-based
UltraAccess Networks, which allows network administrators to monitor
network traffic.
Businesses
have the right to monitor employee computer activity, said Judd
Spence, UltraAccess' president and CEO. After all, it's their
computer system.
"Employers
are looking to make sure their employees are doing what they're
supposed to be doing," he said. "I have seen cases where
employers have tracked employee activity down to the keystroke."
An
act of Congress
One
tool businesses have on their side is the Economic Espionage Act
of 1996. The law makes it a federal offense to steal trade secrets
from businesses.
It
can be used by law enforcement officials to "identify and
pursue economic espionage as a crime," VanLandingham said.
Regardless
of what form the crime takes, businesses should file a police
report the first time they suspect one has occurred, said Sean
Mulholland, president of Mulholland Investigation and Security
Consulting in Jacksonville.
"Whether
it's a simple threat or tampering, you need to file a report,"
he said.
Mulholland
also suggests companies conduct proper background checks on employees
to curtail or prevent a crime happening at the outset.
|
