A few years ago, I was given an unorthodox assignment: Find out why an apparel company was losing market share to a competitor. Our client, which I'll call BestCloth, had a stronger brand and social presence, cooler spokespeople, cheaper prices, and greener fabric. And yet, month after month, its customers were fleeing to the competition (let's call it Apparel Fire).

BestCloth was convinced that standard market forces weren't at play, and it wanted answers. Assembling competitive intelligence often involves hiring public relations firms, running customer surveys, chatting up attendees at trade conferences, and analyzing demographic data culled from social media advertising. BestCloth could have opted for this approach, and maybe it would have worked. Instead, it chose to tap us, a private investigations firm.

It was a bold move. While my company works for a broad range of clients--global corporations, government agencies, celebrities, foundations, law firms, sovereign nations--we don't usually get called in to solve sales and marketing mysteries. We're typically tasked with figuring out whose hand is in the cookie jar (and, sometimes, where the cookie jar is)--uncovering financial frauds, crimes, corruption, and stolen assets.

We were game for the challenge, though, and gleaned much from our experience. Here's what we uncovered--for BestCloth and for you.

Probe inward, not outward

If our client's hypothesis was correct--that the loss of customers was not a product of market forces--we knew that our investigation could do away with any kind of market analysis. Instead, we pitched the company on investigating itself, using what's called "self" or "reverse" due diligence. In other words, by asking the client to engage in an internal audit, we could identify vulnerabilities, such as excessive negative comments on platforms like Glassdoor, which we could use as leads to further investigate. An unsecure website, vendor or expense-account fraud, labor disputes, or low morale among the rank and file were also flagged.

Among other steps, we looked for any holes to be patched in BestCloth's email system, made sure its employees' access to the company's digital assets was properly restricted and secured against external threats, and searched for civil lawsuits naming BestCloth and Apparel Fire.

People want to talk, so let them

We also identified former employees whom we could interview for leads. This is a common investigative technique, and should be high up on your review list. Employees, especially those who either are disgruntled or have left an industry entirely, are usually willing to speak about their ex-colleagues. The search proved revelatory.

After a few hours of searching, we found them squatting unseen in the hinterland of the phone's hard drive: texts, once deleted, now recovered. They included links to folders in a Dropbox account that led to customer lists and more.

One former senior employee of BestCloth, we noticed, had joined Apparel Fire in the past year. We were told turnover in the industry was high and it was not uncommon to lose people to the competition. But this departure piqued our interest, since the executive had access to trade secrets and confidential strategy memos, all of which should be protected by nondisclosure agreements and the restrictive covenants that are built into many employment agreements. At the very least, when employees leave a company, the employer should remind them of their contractual obligations.

We also learned that the former executive, whom I'll call David, had been sued by a former employer for breach of contract. BestCloth, it turned out, was unaware of the lawsuit.

Assess your assets

The dispute inspired us to wade deeper. We asked for permission to review David's archived work email traffic and data from his BestCloth mobile phone, which, fortunately, had not been wiped clean after his departure.

With regard to data transmitted by means of a company-owned ­device or account--which includes employees' emails, mobile phone data, cloud storage space, and other digital information--the employee has little or no expectation of privacy, even when there is no explicit statement to that effect in an employee handbook. The protocol is less clear if the employee owns the equipment.

Even so, company emails on a company-issued cellphone are generally owned by the employer and fair game during an investigation--especially one that is likely to uncover unsavory behavior. David, of course, had been given a company cellphone.

Bring in reinforcements

Using a software platform called Cellebrite, we copied all of David's iPhone data onto a different hard drive. This is called making a forensic image. Then, we searched through that data with keywords and phrases, including some embedded in BestCloth's most confidential documents. We also compiled a list of senior Apparel Fire employees and their phone numbers and email addresses.

After a few hours of searching, we found them squatting unseen in the hinterland of the phone's hard drive: texts, once deleted, now recovered. David's texts included links to folders in a Dropbox account that included BestCloth's most prized information: lists of retail customers, vendors, suppliers, details on fabrics, and supply chains. The recipient? An Apparel Fire vice president.

BestCloth did not include us in conversations about how damaging the breach was. However, in my experience, there can be steep conse­quences from losing, say, a customer list. That information, along with pricing details, can help a competitor undercut your service. Knowing, too, the terms of an arrangement with a vendor can help a competitor better negotiate its own terms. And if intimate knowledge of designs are lifted, that can also give a competitor an edge--and help it, say, engineer its own version, with only slight modifications.

It's clear BestCloth took these findings seriously, as the company shifted its focus from analyzing its practices to engaging in a legal battle with Apparel Fire and David.

BestCloth learned the hard way how pervasive corporate espionage is, and spent hundreds of thousands of dollars litigating a case it ultimately settled, albeit in its favor. But it's hardly the only company unaware of a bad actor in its midst.

A 2020 report from the Association of Certified Fraud Examiners finds that asset misappropriation, which is defined as an employee stealing or misusing an employer's resources, occurs in the vast majority of occupational fraud schemes (86 percent) and carries a median loss of $100,000 per case. So even if you're not losing market share like BestCloth, you may well be losing something else valuable--and you might not even know it.

So, while not every employee defection is cause for alarm, you should never ignore red flags. And, whatever you do, don't skip preventive steps: Ask employees to sign legal documentation ensuring they understand the ground rules for using company-issued devices and internal software. Employment contracts should include confidentiality provisions and reasonable restrictions on employees' behavior. There should also be language designed to prevent the poaching of employees, customers, and clients when executives leave. This way, if you do fall victim to a corporate cat burglar, you'll have recourse.

Just a few more things to think about the next time you peer into that cookie jar.

Tyler Maroney, co-founder of the private investigations firm QRI, is the author of The Modern Detective: How Corporate Intelligence Is Reshaping The World.