Intellectual property theft is often an inside job, with employees walking out the door with valuable and confidential data. Even more concerning, top executives, including chief executive officers, are not immune to temptation, according to a new study.

New Report Reveals IP Theft Trends

Data security is a growing concern for New York and New Jersey businesses. Code 42’s latest report, 2018 Data Exposure Report, offers insights into the attitudes about data loss and recovery of 1,034 security and IT leaders, CSOs, CTOs, CISOs and CIOs, as well as 600 CEOs and business leaders. The report offers several important insights, particularly with regard to IP theft.

According to the survey, 72 percent of CEOs admit they've taken valuable IP from a former employer. In addition, 93 percent of CEOs acknowledge keeping a copy of their work on a personal device, outside of company servers or cloud applications. Nonetheless, 78 percent of CEOs agree that ideas, in the form of IP, are still one of a company’s most prized assets, highlighting a disconnect between what executives say and do.

Below are several other notable findings:

  • Seventy-two percent of CEOs, 71 percent of CMOs and 49 percent of business leaders admit to taking IP with them from previous employers.
  • Half of business leaders (50 percent) and 63 percent of CEOs admit to clicking on a link they didn’t intend to. Additionally, 14 percent of CEOs and 36 percent of business leaders didn’t report to security/ IT that they did so.
  • Fifty-nine percent of CEOs and 41 percent of business leaders admit to downloading software knowing it may not be approved.
  • More than two-thirds of CEOs (68 percent) and 63 percent of business leaders think there’s risk in keeping data solely on outside storage, but they do so anyway.
  • Nearly three-quarters of CISOs (73 percent) and 60 percent of CEOs admit to stockpiling cryptocurrency to pay cybercriminals in case of a ransomware attack or data breach.

Steps to Deter Employee Data Theft

To help prevent IP theft, businesses can take several key actions. One of the most important is to require employees to sign non-disclosure and non-solicitation agreements. Even if a breach still does occur, the existence of the agreement improves the success of a resulting suit and allows you to seek an injunction.

Companies should have policies and procedures in place to prevent employees from intentionally or inadvertently disclosing trade secrets and other proprietary information. Further, companies should have policies in place to track downloads of company files to external devices, mark sensitive files with appropriate legends, restrict the ability to download files to external devices, or otherwise encrypt data transfers. In addition, training your staff about what constitutes IP infringement also ensures that they know what to do should they come across something suspicious.

Given the growing risk of employee data theft, it also makes sense to review a departing employee’s computer activities in the months preceding departure. Businesses should also be sure to immediately discontinue access to documents, databases and cloud storage systems as well as request that all company-owned devices are immediately returned. It only takes a few minutes for a departing employee to transfer a file before walking out the door. In some industries, it may also be advisable to notify key vendors, clients, or business partners that the employee is no longer affiliated with the company, so as to prevent any unauthorized disclosures.

Finally, Code 42’s survey findings highlight that businesses must account for human nature when creating IP and data security policies. They also suggest that companies must ensure that these policies are followed by the company’s lowest and highest-ranking employees. Like any compliance program, setting the tone at the top is essential to success. In the meantime, we encourage companies to work with experienced counsel to explore all the options to protect their valuable intellectual property