Not yet a Member?
HR Magazine is highlighting the next generation of HR leaders.
Is your employee handbook ready for the New Year? With SHRM’s Employee Handbook Builder get peace of mind that your handbook is up-to-date.
Get the HR education you need without travel expenses or time out of the office.
Join us in Chicago for the latest trends and technology in talent management, and what to expect in the future.
Subtle clues from co-workers could be signaling a risk of theft of intellectual property (IP) by your employees.
In December 2011, two experts in psychological profiling and employee risk management released the report Behavioral Risk Indicators of Malicious Insider Theft of Intellectual Property: Misreading the Writing on the Wall. Their research examines theft of sensitive, proprietary IP and other critical data and the individual and organizational factors that give rise to such theft.
Study co-author Eric D. Shaw, Ph.D., a clinical psychologist and president of Consulting and Clinical Psychology Ltd. in Washington, D.C., said he hopes that the study will “raise awareness, reduce anxiety and open organizations to new ways of dealing with this issue—especially new forms of dealing with detecting disgruntlement and designing and enforcing better IP agreements.”
In addition, he hopes that it leads to better awareness training targeting co-worker reporting.
“Right now, co-workers will report overt and flagrant signs of IP theft, but they will not report our risk indicators—the issues that tend to be associated with theft ahead of time—like disgruntlement, psychological issues and financial stressors,” Shaw said.
Attorney Anuj Desai, an associate in Arnall Golden Gregory’s intellectual property and technology practice team in Atlanta, said he typically sees a reactive approach to protecting IP.
“This issue stems from both organizational and technological flaws,” Desai said. “Correcting the problem requires both a culture of protection and enforcement, as well as implementation of reasonable security measures that are current.”
The report was commissioned by Symantec Corp. in Mountain View, Calif., and co-authored by Harley V. Stock, Ph.D., a board-certified forensic psychologist and managing partner with Incident Management Group Inc. in Plantation, Fla.
According to the report, IP theft costs U.S. businesses more than $250 billion annually. Frequent perpetrators were current or former employees or partners such as customers, contractors, vendors and joint venture partners.
The report was based on a review of cases, surveys, incident reports and investigations. The authors noted that the study is limited because such theft is likely underreported. Shaw said that the best data come from successfully prosecuted cases and might be biased toward more severe instances.
The study noted the following indicators and behaviors of employees most likely to steal intellectual property:
They often work in technical positions. Male employees, with an average age of 37, who work as engineers, scientists, managers and programmers commit most IP theft. A large percentage had signed IP agreements, which illustrates that policy, without employee comprehension and effective enforcement, is ineffective.
Usually, they already have a new job. About 65 percent of employees who committed insider IP theft had already accepted positions with a competitor or had launched their own company. About 20 percent were recruited by an outsider who targeted the data, and 25 percent gave the stolen IP to a foreign company or country, the study found.
They typically rely on technology to steal information they’re authorized to access. Internal IP thieves typically take data they know, work with and often feel entitled to. Most (54 percent) used a network—e-mail, remote access channel or network file transfer—to steal data. Most insider theft was discovered by nontechnical employees, such as co-workers reporting suspicious behaviors.
Trade secrets are the most common IP stolen by insiders. They were stolen in 52 percent of cases, followed by billing information, price lists and other administrative data (30 percent), source code (20 percent), proprietary software (14 percent), customer information (12 percent) and business plans (6 percent).
Key patterns precede departure and theft. The employee might be unsatisfied with his or her job, have psychological issues or be stressed over finances. Being passed over for a promotion and other professional setbacks can also facilitate theft.
Important Implications for HR
The vast majority of IP thieves steal material within three weeks before or after giving notice. Shaw said HR should confer with IT security about planned layoffs and upcoming staff departures so that additional safety measures can be implemented.
“I have frequently come across scenarios where HR knows of massive layoffs but IT security does not, so we have high-risk situations where a large group of unhappy people with active remote access to IP are on the network,” Shaw said.
In addition, the study revealed flaws in IP agreements. In the study, almost all IP thieves signed such agreements, “and they turned out to be worthless,” Shaw noted. Shaw said employees should renew their IP “vows” regularly, especially as they near the end of their tenure.
Lastly, he noted that there have been increased levels of internal and external collaboration in IP theft.While there is obviously a class of IP thieves who are extremely susceptible to “pitches” from outsiders, Shaw said there’s “a group of insiders that have begun to collaborate with other insiders to pull off these crimes.”
The report made several other recommendations for combating IP theft:
Pamela Babcock is a freelance writer based in the New York City area.
You have successfully saved this page as a bookmark.
Please confirm that you want to proceed with deleting bookmark.
You have successfully removed bookmark.
Please log in as a SHRM member before saving bookmarks.
Your session has expired. Please log in again before saving bookmarks.
Please purchase a SHRM membership before saving bookmarks.
An error has occurred
Recommended for you
HR Education in a City Near You
SHRM’s HR Vendor Directory contains over 3,200 companies