Corporate espionage is a fact of life. Here's how to protect yourself.
Corporate espionage is a fact of life. Here's how to protect yourself.
Michael Levitsky hardly seems the type to be involved in mystery or intrigue. The 55-year-old father of two owns a successful Fastsigns franchise in Wilmington, Del., and makes a comfortable, though hardly extravagant, living producing signage for companies ranging from the local lawn-care company to corporate giants like DuPont and MBNA.
But mysterious things were happening at Levitsky's 18-person shop. Longtime customers had begun calling, reporting to him that a rival signmaker had been in touch, referencing in detail their latest purchases -- and offering to provide the same products for a lower price. One major client was furious, accusing Levitsky of selling his name and business information and threatening to take his business elsewhere.
Levitsky initially suspected one of his employees. He started watching them, but still the calls kept coming. Finally, a customer showed Levitsky a letter from the rival. The correspondence, Levitsky noticed, contained a misspelling that he'd recently seen in his own database. It suddenly dawned on him that he and his sales staff regularly updated their records, tossing the old data in the trash. He began planting false names on the discarded documents, using the addresses of friends and relatives. Sure enough, every plant got a letter within a few days. He immediately phoned his attorney.
Levitsky figures the episode cost him tens of thousands of dollars in lost business -- money he recovered only after an exhausting, three-year legal battle. "Never in my wildest dreams did I think something like this could happen," he says. "It's not like we had a secret formula for a wonder drug or something."
The fact is, it doesn't matter what business you're in: If you're making money, you've got information that somebody else wants -- and often will go to great lengths to get. In a recent survey of fast-growth entrepreneurs by PricewaterhouseCoopers, 84% of respondents said that information about their competitors was an important factor in their own profit growth; one-third said that a shaky economy makes such so-called "competitive intelligence" more important than ever. Yet "most small companies aren't aware that they have information that needs to be protected," says Helen Rothberg, an expert in competitive intelligence at Marist College in Poughkeepsie, N.Y.
You can save yourself a lot of pain in the future by practicing a little counterintelligence now. The word may conjure a world of high-tech surveillance and double-crossing agents. But counterintelligence actually is pretty easy, a series of common-sense, defensive steps that can keep your company's lifeblood -- its proprietary data -- safe from the competition's jealous grasp.
Take an inventory: A simple paper shredder could have saved Levitsky a world of pain. But before you start destroying everything in sight, determine what you need to protect. Obviously, you will want to shield any information that could eventually be protected by a patent or trademark. But even seemingly mundane data -- your address book, your hiring practices -- can be valuable. A good rule of thumb is that if a piece of information gives you a competitive advantage in the marketplace, it's worth protecting. Or, take this simple test: Is the information something you would share with your chief rival over drinks at a cocktail party? If the answer is no, then it's something you need to defend.
Look for leaks: Your single biggest vulnerability is your employees. It's not so much that they'll double-cross you (though they might). It's that they often don't know what constitutes sensitive information -- and that's probably because you haven't told them. Fix that by adding a section on confidentiality in your employee handbook and by holding an annual training session on what's secret. Be sure to stress what can and cannot be discussed in public -- whether at a trade show or on a plane or train.
It's important to include the entire company in the sessions. "People who get targeted are often on the frontlines -- administrative assistants, secretaries," says Rothberg. A common tactic, she says, is for a spy to pose as a reporter or investor and make a simple probing phone call to a receptionist. Be sure all questions about senior management or business plans are directed to a senior-level person. Better yet, get a callback number and use that to determine whether the caller is legit.
Human resources managers are similarly vulnerable. Bradley Hare, chief technology officer of OmniSonics Medical Technologies, a 57-employee medical device manufacturer in Wilmington, Mass., makes a habit of weeding out resumés from job candidates that he suspects have no intention of working for his company -- but are nonetheless applying for jobs and full of questions. "It's becoming increasingly common," Hare says.
Mind the exits: Employees are even more of an intelligence threat when they become ex-employees, says R. Mark Halligan, a professor at the John Marshall Law School in Chicago. Halligan advises employers to forbid the use of personal tech equipment -- home computers, cell phones, PDAs, and the like -- for business purposes. Suck it up and pay for it all, he says. Why? "Because when an employee quits, you have the immediate right to seize [the equipment] because you own it," he says. You forfeit that right if employees are using their own devices.
Also, make sure to hold an exit interview, in which you go over what you expect former employees to keep confidential when they move on to their new workplace. You can ask employees to sign a noncompete agreement, in which you list in detail everything that you deem proprietary. But it's probably best to take this step when you hire them, not when they're walking out the door.
The paper trail: Loose lips sink ships, but so do carelessly managed documents. Get in the habit of marking confidential information as such. Not only will a simple document stamp raise caution levels, it will help remind staffers what you consider proprietary data and what you don't.
Electronically speaking, you're already defending your computer system against hackers (aren't you?). But you can also password-protect various parts of your computer system. After all, salespeople don't need access to design files, and designers don't need to see account information. Again, it's not necessarily a matter of distrust. But the less an employee knows, the less he or she can casually, and perhaps unwittingly, reveal. Levitsky, for example, no longer lets many people near his customer database. He also shreds everything before it goes into the Dumpster. Your data "is your gold mine, and you should treat it like it's money," he says. "Would you leave money just sitting out on the table?"
Indeed, the key is to give away as little as possible. For example, MindBridge, a Philadelphia software firm, used to offer a free trial download of its software on its website -- until it discovered that competitors were downloading and reverse-engineering it, says Scott Testa, the firm's chief operating officer. The company still offers the download, but only to registered users, who are given a password. Plus, Mindbridge will not send a password to a free e-mail account, like Hotmail or Yahoo mail.
Obviously, that won't stop a determined rival from getting its hands on the software, but at least it slows down the progress, says Testa. Counterintelligence, he says, is like "putting an alarm on your car, or a Lojack, or one of those bars across the steering wheel. If they really want to steal your car, they're going to figure out a way to do it. You just want to make their lives a bit difficult."
Please E-mail your comments to email@example.com.