Whether breached by hackers in a Shanghai hideout, bullied by the National Security Agency, or becoming the latest exposé on WikiLeaks, corporations seem to be having quite a bit of trouble keeping secrets these days.
Last month a 28-year-old anarchist activist was sentenced to 10 years in prison for his role in stealing and publishing millions of internal emails from defense contractor Stratfor. Meanwhile, plenty of eyebrows remain raised over disclosures that American technology firms, including Microsoft, Google and Facebook, may have been leaking sensitive customer data to facilitate the NSA’s domestic surveillance programs. This news follows troubling reports that Chinese hackers have infiltrated many Fortune 500 companies, including Ford, DuPont, General Motors, Dow Chemical and Motorola, as acknowledged in a strategy briefing from the White House that declared corporate espionage and trade secret theft are undermining our national security and economic stability.
Evidently, corporate America has become a frontline for cloak-and-dagger espionage. Yet in-house attorneys, outside counsel, compliance officers and executives seeking ways to safeguard their company’s trade secrets may be surprised to learn that more immediate and more mundane threats may present a greater risk to their enterprise and its competitive edge. Fifteen years as an investigator and corporate intelligence specialist have taught me that very few companies – public or private – are capable of completely shielding their strategic, financial, and operational plans from public view. Below are several reasons why they remain vulnerable.
1. Your Former Employees Don’t Forget
When searching for witnesses in class action suits, my colleagues often approach ex-employees and retired executives of defendant companies to determine if they’ll be willing to testify against their former employers. Sounds like a tough sell, right? Particularly if you consider that we are cold-calling these folks out of the blue. Yet we consistently find – to our continual surprise – that many people are willing to cooperate.
In one case, a retired R&D director initially balked when asked if he would meet with the personal injury attorneys suing the medical device manufacturer where he’d spent his career, saying, “That would be like [testifying] against myself.” However, his resistance softened once he’d been assured that the plaintiffs were not interested in pursuing him personally as a party in the lawsuit. In all likelihood, we explained, he would never have to set foot in a courtroom. It didn’t hurt our client was also willing to consider covering his consulting rate of $500 per hour for services rendered as an expert advisor.
2. You Can’t Trust Every Consultant
Management consultants at elite firms earn handsome hourly fees by trafficking in privileged insights, euphemistically known as “best practices.” Their knowledge of key players and critical trends in any given industry is increased – and made incrementally more valuable – with every hour they spend inside their clients’ offices and conference rooms. After completing their assignment, they become potential sources for research conducted by their clients’ competitors and other interested parties.
The threat of such leaks was highlighted during the government’s crackdown on insider trading, which has resulted in criminal convictions of former executives from several consulting firms, including McKinsey & Co. and A.T. Kearny. In a case billed as the largest insider trading case in history, a pharmaceutical consultant allegedly sold nonpublic data on a drug trial, after being introduced to a hedge fund portfolio manager by one of several “expert network” firms that play matchmaker for hired guns with stories to tell.
Most consultants are not crooks, of course, and major consulting firms have policies in place to avoid conflicts of interest. Yet in a field where privileged access and knowledge can be quickly converted into cash, the temptations – and potential damages – are too great to completely disregard.
3. Your Public Partners Keep Open Records
Public-private partnerships have become popular in sectors such as global health, where government agencies, nongovernmental organizations (NGOs) and pharmaceutical companies have aligned efforts toward common goals, such as drug development for neglected tropical diseases. In other industries, companies have negotiated tax breaks and similar concessions from state and city governments, occasionally sparking a full-scale bidding war between municipalities for the privilege of hosting a new corporate headquarters or manufacturing plant. Yet these local perks and projects sometimes come with a hidden cost: to gain public support, companies must be willing to operate with greater transparency.
A manufacturer recently hired my firm to determine the size, scope, and production capacity of a competitor’s plant that was being built in a Midwestern city with significant public investment. The competitor had issued a request-for-proposal (RFP) to several cities where it was considering construction. Though the RFP was confidential, the proposals submitted by city officials were de facto public documents. Those proposals included details on estimated workforce, capital investment, and production timelines. They also specified anticipated utility loads for the first 24 months of operation, which could be used to calculate short- and long-term production output. In a business setting, these records would have been password-protected and sitting safely on a secure server. At the municipal level, though, there had been no effort whatsoever to safeguard the files from our prying eyes.
4. Surprise! Your Proprietary Information is Published Online
Large corporations cut wide paths as they make their way through the world; and even smaller, more nimble organizations can’t always be perfectly discreet about their plans. My firm was retained by a multinational packaged-food company that wanted to identify new products of its main competitor – months before they hit the market. We had their answer in fifteen minutes, thanks to the Trademark Electronic Search System (TESS) of the U.S. Patent & Trademark Office. Companies filing ‘Intent-To-Use’ trademark applications regularly disclose the names and descriptions of their forthcoming products and services, six months ahead of product launch. (Extensions can be granted for up to two years if the go-to-market process proves slower than anticipated.) Ironically, the trademark attorneys responsible for safeguarding companies’ intellectual property are simultaneously publishing their product plans to the general public, giving rivals plenty of time to calibrate their response.
Corporate counsel and senior executives should be aware that their company’s strategy, R&D, financials, and operational data may all be, to some degree, chapters of an open book. Your competitors – not covert spies or Chinese hackers – are the ones most likely to flip through the pages.