Archives for IP Theft

It’s Time to Take action Against IP Theft

Recently, Tesla CEO Elon Musk was forced to admit that his company was the victim of sabotage by one of its own employees. That employee, frustrated over recently being passed up for promotion, applied damaging code to the company’s manufacturing system and shared large amounts of sensitive data with third parties.

Given the company’s desperate need to make progress following a string of negative announcements, the timing couldn’t have been worse.

Tesla’s situation, though perhaps one of the highest profile cases, is not new or unheard of. Companies quietly monitor their workflows and processes for any signs of IP theft or sabotage by disgruntled or even misinformed employees. Very often, it’s simply a case of those employees taking the work product that they created, believing that they have ownership. In other cases, an employee may copy large contact lists hoping to maintain and divert relationships to a new employer.

Whatever the theft, and whatever the motivation behind it, this particular crime is common and can cause a company not only financial loss, but the potential for serious reputation damage and even litigation.

Roughly 50 percent of employees will take work product when they leave a company, and close to 40 percent will attempt to leverage that work product on behalf of their new employer.

But what can we do about it?

Most companies leverage commonplace strategies, such as blocking employees from using online storage sites such as Dropbox, or disabling USB ports so that files cannot be moved to USB storage devices. The fact is that these methods are only a minor stumbling block for an employee intent on taking work product.

In the past, to determine whether information was stolen, companies needed to do forensics work, costing a lot of money, time, and resources.  It is hard to measure an ROI for a process like this because you cannot assess the value of an event that may have been prevented, and you cannot assume the result before you commit the resources.  Many companies struggle to see the value in building processes that protect their IP in the face of committing resources to R&D, service line launches, shareholder rewards, or employee benefits.

Understanding this challenge and leveraging its forensics expertise, RVM created a tool – Tracer – to analyze computers and identify activities that might be affiliated with potential IP theft. It is designed to look for user behaviors (online and offline) that may indicate an employee’s ill intentions. The tool can sweep through the user’s actions looking for files and actions and can draw attention to troubling patterns to guide an employer’s decisions.

But, technology alone may not be enough to overcome the problem.  Leveraging experts that can properly assess the problem and collaborate with a company to right-size the solution is a powerful next step.  The best way for companies to protect their IP is to ask the hard questions regarding its value and be prepared to take action.

Tesla is a strong company with a stable revenue stream, and will likely weather this storm. Other companies may not be so fortunate.

Messaging Applications in Business Environments: Watch What You Send

We all use a messaging application in our daily routine. They are a convenient way to communicate with people and
offer a quick alternative to phone calls, and emailing. Sending sensitive information through these applications, however, may raise red flags.shutterstock_197029355

Recent findings showed that lawyers and other professionals using consumer messaging applications to
exchange confidential business information could be in trouble. These third-party applications do not guarantee security, nor maintain an audit trail, or an archiving mechanism. Worse, they do not support information disclosure should the request arise in legal or other proceedings.

A recent survey showed that:

  • 69 percent of participants use e-mail most frequently for business communications;
  • 22 percent mobile messaging; and
  • 8 percent voice calling.

Out of these results, the next question asked why the participants didn’t use messaging applications more often:

  • 30 percent prefer sending e-mails or making calls;
  • 23 percent say there’s no paper trail;
  • 3 percent say it’s not as secure as phone or e-mail;
  • 17 percent say it’s too informal; and
  • 30 percent say it’s not authorized by the company.

So, what should your company do? Blocking messaging applications completely isn’t a viable solution in the long term. Messaging applications have proven to be a reliable tool to enhance employee productivity. The key is education. Company staff has to not only understand what regulatory laws they’re working under, but they also need to be able to use a secure messaging system that is company-approved, and adheres to the provisions of the Sarbanes Oxley Act and other applicable regulations. 44 percent of survey participants answered that their company doesn’t have an official messaging platform, which leads to the use of third party messaging applications and the release of confidential information.

The rule of thumb is to never send confidential data via an unsecure platform. If you suspect one of your employees has been transferring sensitive information via messaging applications, the RVM Tracer™ can help you audit your employees’ computers safely and quickly, instead of immediately undertaking a costly forensic investigation.

Protect your data to protect your business.

Are you guilty of IP data theft?

if theft with light bulbYou finished drafting this confidential document and want to take it home to review it one more time with a fresher pair of eyes. You copy the document onto your personal thumb drive, and carry it in your pocket. The thumb drive’s journey might end up at home, plugged into your personal computer, or it might fall off your pocket and get lost. No matter its destination, the confidential document isn’t safe anymore as soon as it is copied onto that thumb drive.

You might believe that you’re entitled to copying confidential work product if you’re working on it. You might not have been informed of what’s truly yours and what’s not. You might not think you did any harm to your company.

The truth is, you have probably committed IP data theft.

Companies employ highly sophisticated tactics to decrease the occurrence of outside data breaches by developing infrastructures and processes such as building firewalls, encrypting data or using antivirus software. But inside the company, data is pretty much free for the taking. Every employee has access to confidential material at least once in their career. Complex layers of protection can quickly be rendered ineffective if the individuals inside the organization keep releasing information by doing something as simple as emailing confidential company data to their personal email address.

Data security begins and ends with the individual. For many companies, inadvertent exposure is paramount to actual attacks. Every company hopes to have properly educated its employees about security awareness policies and protocols, which will hold individuals responsible if they leave the company with confidential data that isn’t theirs.

Copying data to a thumb drive, the cloud, an email, or any other means, puts the company at risk.

The RVM Tracer™ was created for the purpose of quickly identifying whether an employee has been taking confidential company data, and has therefore breached the organization’s security protocols. The RVM Tracer gives organizations the opportunity to safely and quickly audit their employees’ computers and give them peace of mind.

Protect your data to protect your business.

What Happens to Sensitive Information When Employees Leave?

Confidential infoThe departure of employees may constitute a big security hole for company data. A recent survey showed that intellectual property theft is prevalent as former employees don’t feel like they’re committing a security breach, because they’re just taking what they consider “theirs”, or they’re simply ignoring company policies.

The survey highlighted that:

  • More than 1 in 4 respondents said they took data when leaving a company;
  • 15 percent of respondents said they are more likely to take company data if they are forced out of their job (fired or laid off), rather than leaving on their own;
  • Of those who take company data, 85 percent report they take material they have created themselves and don’t feel this is wrong;
  • While a majority takes their own documents, 25 percent of respondents report taking data that they did not create; and
  • About 95 percent of respondents said that taking data that they did not create was possible because either their company did not have policies or technology to prevent data stealing, or that if companies did have policies in place, they ignored them.

Companies need to be aware of the risks associated with employees transitioning over to new positions in a different company, sometimes a competitor, and make sure the security measures they implemented are strong enough to dissuade individuals from taking company data. The technology a company uses to prevent the use of sharing tools such as DropBox, GoogleDrive, even web based email can make a big difference in the long run.

Company data is easy to track if secure tools are in place. RVM Enterprises, Inc. developed a new product, the RVM TracerTM, which can be used as part of the exit interview process or as a tool to periodically check to see whether or not company documents have left with an employee.

Adopting effective procedures to address ESI issues can dramatically improve security awareness, risk assessment and treatment. RVM can help you determine how best to approach these important issues.

How to Ensure Confidential Information Stays Confidential

The lifespan of electronically stored information (ESI) lifespan will exceed any employee’s tenure in a company. When an individual decides to transition—for whatever reason—recent statistics show that 50 percent of employees take information when leaving. More alarming news is that 40 percent of these former employees will use that information at their new jobs, and 37 percent use cloud-based storage without permission from their employer, based on a 2012 survey from the Ponemon Institute.Confidential pic

The potential of an employee walking out the door with a client contact list or other piece of intellectual property is a problem that could warrant a costly investigation, but what if you’re not sure? Not only do forensic investigations prove to be expensive, but they might not lead to any concrete evidence that the departing employee has actually stolen confidential information. Even taking the time to debate whether or not to investigate can be costly.

So how do you ensure confidential information stays confidential? No need to grow gray hair. RVM has developed a new reliable and cost-efficient product to address this very concern. The RVM TracerTM, can be used as part of the exit interview process to quickly determine whether or not an employee has taken company documents. In minutes, the RVM Tracer creates reports that include items such as a listing of documents created and saved on a computer desktop, cloud based folders or external drives, as well as the browser history and a history of installed applications, saving time, money and potential future legal costs.

In an era where sensitive data grows exponentially, and has become rampant on every electronic device, ESI tracking, preservation and retrieval has had a huge impact on eDiscovery. Adopting effective procedures to address ESI issues can dramatically improve security awareness and risk assessment and treatment.