Protecting Your Business Against Corporate Espionage

Companies own sensitive information that competitors could use for financial advantage. Some competitors take extreme measures to access trade secrets, even committing criminal fraud. Other corporate espionage involves former employees getting back at their employer by sharing information. With threats from the inside and outside, businesses must take corporate espionage threats seriously.

Applicant screening, employee training, and comprehensive exit procedures can reduce the risks of employee espionage. Strong cybersecurity can protect your trade secrets from outside access. For more information about protecting your business against corporate espionage, talk to an experienced employment law attorney.

What Is Corporate Espionage?

Corporate espionage involves the unauthorized sharing of company information for commercial purposes. Some of the most common types of corporate espionage involve trading intellectual property or proprietary information.

For example, a former employee could take the company’s customer data to use at a competing company. A disgruntled worker could share trade secrets to get back at their former employer. Even foreign governments could practice cyber espionage to access sensitive government contractor information. According to the FBI, economic espionage by foreign competitors costs companies billions of dollars every year.

Corporate espionage is also referred to as employee defection, unfair competition, industrial espionage, and theft of trade secrets. Usama Kahf, an employment attorney with Fisher & Phillips in Irvine, California, notes that corporate espionage is the term that makes people think of the movies. “It’s a cool term,” he says.

What Legal Issues Are Included in Corporate Espionage Cases?

Kahf represents employers seeking to secure their confidential information. His cases range from disgruntled employees emailing themselves sensitive data — such as a client list before defecting to another job — to representing banks against former contractors.

In one example, a company hired a contractor to develop a financial security source code. The contractor then offered the code on the internet for sale to the dark web, a form of economic espionage. “In that case, we had to go to the last line of defense and go to court to get a judge to slap him with a restraining order.”

Prevention Is Better Than Going to Court

Kahf prefers to take the preventive route. Prevention helps clients anticipate what can happen and how. Implementing security policies and procedures addresses potential cyber-attacks and corporate spying.

Kahf recommends that all employers spend some time thinking about their agreements with employees at all phases of the employment relationship, including when working with contractors. “I want to make sure that we’re implementing better security measures, better contracts, and better non-disclosure agreements (NDAs) that are reasonably tailored and enforceable.”

Strong Cybersecurity Practices Reduce the Risk of Data Breaches

Corporate espionage can come from insider threats or outside hackers. Cybercriminals can take advantage of poor security systems to access sensitive information. Ways competitors can get access to trade secrets include:

• Phishing and email spoofing
• Wiretapping
• Targeting employees with social engineering
• Using devices infected with malware to get physical access to computer networks
• Buying access to third-party data breaches

Preventative security measures can also demonstrate you intend company information to be private. To be a trade secret under the Uniform Trade Secrets Act (USTA), the owner has to take reasonable measures to keep information private and protected.

Reducing Risks at the Hiring Stage

Risks related to hiring can arise when a new employee brings over proprietary information or intellectual property from their former employer. Employees have access to valuable assets such as:

• Client lists
• Manufacturing processes
• Design technology
• Contract terms
• Specific details about prior transactions
• Special pricing

If the employee uses the stolen information to benefit the new employer, it gives the new employer a competitive advantage. The employer is potentially liable, whether the new employer was aware of the practice or not.

“This is one of the areas a lot of people miss,” says Kahf. “Employees will download stuff on their last day.”

Pre-Screening New Hires for Sensitive Information

Pre-screen new hires before they start. Targeted background checks can look at more than just the standard criminal, driving, and credit records. Establish verbally and in writing that they are not to bring anything with them from their former employer.

Kahf adds, “It’s even worse when you’re hiring someone who’s going to be an officer of the company. If they’re a rank-and-file employee, you can at least have the defense that you had no idea. With an officer, you can’t say you didn’t know—their knowledge is essentially the company’s knowledge.”

Kahf recommends having “robust” confidentiality agreements to ensure company information is protected. “A lot of the ones I see are old or badly written, and opposing counsels have figured out a way to argue around them,” he says.

Security Measures When Employees Leave

It’s also key to have security practices in place to prevent theft from happening when employees leave.

Modern technology makes it easy for employees to transfer information to themselves covertly. An employee can upload information to a home network or walk out with a USB stick. But security protocols also makes it feasible to monitor suspicious activities.

Computer forensics and security audits allow an employer to find out if a departing employee has:

• Downloaded data to a USB drive with valuable information
• Unauthorized access to documents that were not related to their final days of work
• Installed malware on company computers
• Emailed information to themselves
• Exported information to a Google Drive

Security Risks of Using Personal Devices

As technology evolves, so must employers. It’s no longer a matter of stolen paper documents. It is more difficult to permanently delete data or restrict access when sharing data online or on multiple devices.

Many people blur the lines between work and personal technology. Employees and executives use a personal cell phone to check work email or work from a laptop at home or on the road. Kahf advises clients that the answer to handling many of these evolving technology issues is with contracts. “Put it in contracts and then actually enforce them.”

Legal Advice To Manage Corporate Espionage Risks

If you have concerns about protecting your confidential business information, talk to an attorney with experience in employment law and cybersecurity. An experienced employment lawyer can review your workplace policies for vulnerabilities and provide a risk assessment. An attorney can also handle litigation with former employee misuse of the company’s data.

For more information on potential threats, see our overview of employment law for employers as well as content related to cybersecurity measures and data privacy.