It was reported that on a late evening this past August, the CEO of a medical technology company in Massachusetts stumbled upon a person unknown to him sitting in the company conference room with what appeared to be three open laptops as the CEO was leaving for the day. When confronted by the CEO, the stranger claimed to have an appointment with various members of management, including the CEO himself. This, of course, raised the CEO’s suspicions, since he knew he had no appointment with this stranger.
The stranger was subsequently arrested and charged in Massachusetts Federal District Court with two counts: 1) Attempted theft of trade secrets; and, 2) Access without or in excess of authorization with intent to obtain information. The stranger turned out to be a dual citizen of China and Canada, with no prior authorization to be on company property.
WHAT WAS THE STRANGER’S INTENTIONS?
One can speculate on his intentions since he was found to be in possession of the following:
- 2 – laptop computers
- 1 – iPad
- 2 – portable hard drives
- 10 – cellphone SIM cards
- 2 – digital camcorders
- 2 – flash drives, and other data equipment
According to the U.S. Attorney’s office, “Some of these types of equipment can be used to obtain data from computer networks and to video record otherwise-secret physical documents and products.”
POSSESSION OF (TECHNOLOGICAL) BURGLAR’S TOOLS
This reminds me a bit of my police enforcement days when we’d catch a burglar inside a private or commercial premise before he had the chance to leave with the goods. He’d be charged with Burglary (which in New York State essentially reads: to enter and remain unlawfully with intent to commit a crime); and, if he had a screwdriver, crow bar, lock-pick, etc. he would be charged with “Possession of Burglar’s Tools.”
In my opinion, this thief’s possession of all that technological data-recording equipment is the equivalent of “possession of (technological) burglar’s tools.”
HOW COULD THE STRANGER GO UNNOTICED?
How could this thief get into the facility and find his way to the company conference room without being challenged until the CEO came across him?
The answer goes much deeper than the failure of their physical security program. It’s not just about security guards who didn’t see him slip in with a group; or the possible back door that was left open where no security guard was posted; or if a guard was posted, who may have been preoccupied with talking to his spouse on his cell phone, instead of keeping his eyes on the door; or the security guard designated to keep his eyes on the CCTV monitors and not doing a very good job of it.
Of course, physical security policy at the targeted company needs to be evaluated and enhanced through an installation of access control equipment such as: cameras, motion detectors, alarms; and, procedures, such as, all visitors and contractors are chaperoned through the facility without exception; and everybody wears an identifying badge on their outermost garment, with the exception of the CEO, maybe.
WHAT IS IT REALLY ABOUT?
What it’s really about is not just physical security procedures. No: the security breakdown here was about something more fundamental than that. It was about lack of “Trade Secrets Protection Mindfulness.”
It is about the state of “Trade Secrets Protection Mindfulness” at the targeted company.
A company can have all the access control procedures in place there is, but to truly protect your “trade secrets” requires something more fundamental: it requires raising the “trade secrets protection mindfulness” of every single employee.
HOW DO YOU RAISE THE TRADE SECRETS PROTECTION MINDFULNESS OF YOUR EMPLOYEES?
The answer is: Training.
Just as companies have devoted resources to raising the “mindfulness” to workplace violence and sexual harassment (to minimize their risk to such episodes), companies need to devote resources to “trade secrets protection mindfulness.”
Unfortunately, companies often shy away from a policy that seems to indicate they do not trust their employees and visitors. But it is critical that they find the balance between trust and developing a robust “trade secrets protection mindfulness” culture.
Companies, by necessity, need to accept the times we live in and the bad actors out there who will go to extreme lengths to steal their “trade secrets.” Just as we all—in this age of terrorism—have learned to live with exhaustive airport screening to minimize the chance of being attacked, similarly, in this exponentially growing age of IP theft, companies need to accept the critical need to raise the “trade secrets protection mindfulness” of its employees to minimize the risk of their “trade secrets” being stolen.
Companies must have a zero-tolerance approach to ANY unidentified persons infiltrating the “actual or virtual” fenced-in enclosure of their property.