Recently I read of a software developer facing imminent sentencing in a high-profile case of data theft. Hanjuan Jin, caught with 1,000 confidential Motorola, Inc. documents before boarding a one-way flight from Chicago to her native China five years ago, was convicted in February of stealing trade secrets. Astonishingly, Jin was caught due to a random security check at OβHare Airport. Iβve had this security check experience at OβHare myself, although the punishment is less harsh when itβs a tiny gel lip gloss not confined to the requisite clear plastic bag.
Reading this reminded me of a story relayed to me by a friend who works as a project manager for an IT company. In an instance on the other end of the spectrum of intent, a business associate of hers was under company scrutiny based on a security slip-up where heβd inadvertently published some proprietary processes on a public forum β some sort of a snafu with a portable hard drive and remote access to the system in reference that resulted in his job being on the line, despite a clear past track record.
Itβs a scary thought that intellectual property breaches can come not just due to those βbogeymenβ out there β the ones with the malicious intentions. Yet, both of these aforementioned anecdotes involve a serious compromise of security and IP, and neither were anticipated. So does it make a difference that one person meant to, and one didnβt?
These two situations should raise some questions about how accurate our perceptions of risk are. There's a difference between being paranoid and being smart, and if company management is careless with resources, arenβt they almost asking for a security breach, intentional or not?
Besides IT resources, itβs important to remember all of the other items of value that exist within the walls of your facility. In a processing environment, sequencing and recipes can be the intellectual property that means retaining your competitive edge. Donβt think that just because your team is small and βlike a family,β that it doesnβt warrant protecting yourself with something like a non-disclosure agreement. And much like the aforementioned IT publishing gaffe, there are ways employees can put valuable information at risk purely by accident. Make sure you emphasize the risks that come with bringing work home, or setting an easy password for a critical system β risks which apply to management just as much as anyone else within the facility. We always look at overseas countries with lax intellectual property laws as the culprits, but it can be just as likely youβll lose something of value through making poor decisions. This could include lack of security or internal regulations that define access to certain areas of the plant, certain documents, or silos of an enterprise system.
Too many times we assume we are the exception to every rule. In this case, it's important to remember that much like not all breaches are intentional, not all assets are recoverable.