ICPAS Homepage
Username:  Password:    HELP    Contact Us 
    Site Map 


 
 

secrets0707 

Corporate Insider | Take the business lead

Trade Secrets

If knowledge is power, then keeping your secrets secret is one of your most powerful weapons.

By Sheryl Nance-Nash

Competitive intelligence (CI) isn’t about unlawfully snooping around to get information. “It’s about legally and ethically collecting data, and then analyzing it to produce actionable intelligence for key decision makers,” says John McGonagle, managing partner at The Helicon Group, a Blandon, Penn. consulting firm that specializes in CI.

“Ninety percent of the information that a company needs to make key decisions and to understand its market and competitors is already public or can be systematically, legally and ethically developed from public data,” he affirms.

That said, don’t discount the criminal element. “With profit margins shrinking in so many sectors of industry, one should never discount the fact that your competitors may be out there trying to find out everything they can about you,” says Santo Scribani, regional vice president, American Commercial Security Services for ABM, a facility services contractor based in San Francisco.

For example, “Cyber-criminals on a network can slow productivity to a crawl. The stolen information can result in lost customers, costly lawsuits, fines and even loss of intellectual property (IP) protection. The theft of personal information can force embarrassing disclosure, as was the case with TJMaxx, and nearly 500 other companies in the last few years,” says Stan Stahl, president of Citadel Information Group, an information security management services firm.

According to a recent Aberdeen Group study of manufacturing companies, 48 percent reported lost market share, 44 percent reported lost sales, 30 percent reported product commoditization and 27 percent reported lower margins because of compromised product intellectual property, says Terrence DeFranco, CEO of Edentify, a provider of identity management solutions. As DeFranco explains, the study concluded that more than two-thirds of companies are actively engaged in improving product IP protection, with nearly one-third seeing this as one of their top business priorities. “Despite all of the legal and other efforts, the market for stolen intellectual property remains a bull market,” he says.

CI threats According to Scribani there are four major ways competitive intelligence can be compromised:

Inefficient security provisions. “This is often characterized by sloppiness or the inability to recognize security compromises through tasks that are typically considered routine and benign. Acts such as disposing of documents prior to shredding, leaving files unattended, allowing access by maintenance staff into sensitive areas and failing to lock offices or restricted areas, all create the potential for intelligence to be compromised,” Scribani explains.

Underestimating former employees. As firms change and manage personnel, they sometimes discount the amount of competitive intelligence an individual may have gathered during their tenure. Since these individuals will work elsewhere, their personal institutional knowledge presents a very real risk to the former company.

Lack of physical security. “Lack of physical security such as CCTV, alarm systems or security officer coverage can be an open invitation to theft or vandalism. These actions would potentially result in the release of sensitive information or intelligence,” says Scribani.

Unsecured electronic storage. Unlocked or unattended workstations or failure to properly secure data rooms leave you open to the loss of vital data. In addition, firms should not discount the possible presence of hackers, who, once inside their systems, can access sensitive information.

Quite simply, says Alfred Zaher, a partner with the law firm of Blank Rome in Philadelphia, “Know what a trade secret is. If you don’t know what a trade secret is, you can’t protect it. It’s really any information that provides an economic advantage in the marketplace; it could be a special ingredient, customer lists, or vendors or suppliers.”

CI protection Once you know what your “secret” is, how do you best protect it? There are a number of options. Be proactive. “Don’t wait until you have a problem to figure out how to protect yourself. There’s a lot that you can do that costs a moderate amount of money, and you’ll see big savings,” says Zaher, who practices patent, trademark and trade secret litigation, licensing and counseling.

For starters, develop an intellectual property plan. “Many companies, especially small or fast-growth, medium-sized firms, do not have one,” he explains. “All employees should sign confidentiality and non-disclosure agreements, so you give employees notice that their work is protected information.”

Identify internal protocols. Determine policies to prevent inadvertent information sharing, and then charge an individual or entity to develop them. Company-wide policies regarding document disposal or office access should be generated, published and embraced, says Scribani. Make use of inexpensive methods such as signage asking, “Did you lock your office?”

“The way a lot of companies screw up is by failing to communicate the rules to employees,” cautions David Carpe, founder of Clew, LLC, a competitive intelligence consulting firm in Boston. “They fail to use standard forms like a non-compete agreement, or they don’t explain what signing such a form really means,” he says. “They are dropping the ball on all areas of communication, both internal and external. Externally, this means that an employee might go on to blog about his life, like the young man at Google who was fired for discussing compensation (he didn’t even know it was grounds for termination), or to talk about a marketing plan or agenda on an industry email discussion list. Lack of corporate communication policy-making is typically the killer when it comes to this issue.”

Risk can be mitigated by compartmentalizing sensitive information (one person not knowing everything), as well as by using employment and separation agreements that address this topic. Firms should consider what, if any, punitive actions should be taken in the event of an agreement breach. Develop an exit policy detailing how a dismissed employee will be physically escorted from the premises to better ensure that data and files are not removed. And immediately terminate any computer system access that the former employee may have had.

Ensure site security. Do a complete assessment of your physical security capabilities as well; then complete a cost-benefit analysis to determine the feasibility and fiscal impact of implementing the recommendations.

“The prudent business executive will protect information using an in-depth combination of administrative, technical and physical controls, including user-awareness training, proactive technology management, and control of third-party information exchange,” says Stahl.

Assess indirect threats. Be aware that information can be obtained indirectly, says Carpe. “It can be secondary research, meaning somebody is digging around online or through databases or filing cases to find out about you. Take UCC filings, for example. Have you collateralized a big piece of equipment to finance expansion? Your town records will show that, and someone can unearth some pretty interesting stuff if it’s all there,” he explains. “Or a competitor can hire a CI specialist to talk to your employees over the phone or in person.”

Share the word. “Educate, educate, educate. Emphasize to your employees that there are people out their seeking competitively sensitive information,” McGonagle advises. “Enough cannot be said about employees watching what they say. Even the highestlevel executives can slip up. They literally swim in a sea of sensitive data. Often, they accidentally disclose bits of information that others within the firm may not even have access to.”

It’s hard to characterize whether CI is more vulnerable today than it was in the past, or to say whether cases have gotten better or worse. “Statistics, if there are any, may not be accurate as firms may not want to admit they have been compromised,” says Scribani. “What I think can be said, which makes this an interesting issue, is that as the safeguards are developed to mitigate your risks, someone is trying to develop methods to overcome them. It’s a cat-and-mouse game.”

“Be serious about protecting your intellectual property,” DeFranco warns. “Just because you can’t see it or hold it in your hand doesn’t mean it isn’t valuable. Once you lose it to the public domain, there may be no getting it back.”

6 Keys to IP Protection 

  1. Inventory intellectual property owned or licensed.
  2. Determine the value of each asset.
  3. Establish an intellectual property protection plan.
  4. Implement the plan and audit compliance.
  5. Manage changes in the intellectual property and how it affects the plan.
  6. Have a recovery plan in place in the event of a disaster.

Source: Terrence DeFranco, Edentify.

 

 

 

 

 
Illinois CPA Society - 550 W. Jackson, Suite 900, Chicago, IL 60661 | PH: 312.993.0407 or 800.993.0407 (IL only) | FX: 312.993.9954 |
Springfield Office - 524 South 2nd, Suite 504, Springfield, IL 62701 | PH: 217.789.7914 or 800.572.9870 (IL only) | FX: 217.789.7924 | Disclaimer
Become A Member