Data Loss Prevention, Insider Risk

How to Prevent Industrial Espionage

By Veriato Team

Every organization needs to keep tabs on other players in the industry in order to stay competitive. It’s common for an organization to analyze a competitor’s website, perform secret shopping trips, and monitor a competitor’s marketing strategies. This type of competitive research is perfectly legal. But if an organization unlawfully obtains another company’s sensitive information, it is considered industrial espionage, which is illegal.

Why Do Organizations Conduct Industrial Espionage?

A competitor may conduct industrial espionage for a number of different reasons. Typically, a competitor looks for information regarding:

  • Product development
  • Research and development
  • Manufacturing processes
  • Sales
  • Marketing strategies
  • Customer lists
  • Bids
  • Chemical formulas or recipes
  • Operation techniques

The purpose of industrial espionage is to illegally and covertly obtain information that the competitor can use to their advantage. For example, if a competitor steals your customer lists, they can use this information to target your current customers and increase their market share.

Is Industrial Espionage Illegal?

The Economic Espionage Act of 1996 (EEA) was established to prohibit the use of industrial espionage among organizations in the United States. This federal law makes it illegal to:

  • Steal a company’s trade secret or obtain a trade secret by fraud
  • Alter, copy, download, transmit, or destroy a company’s trade secret without authorization
  • Receive, purchase, or own a company’s trade secret with the knowledge that it was obtained illegally
  • Attempt to do any of the activities listed above, regardless of whether or not the attempt was successful

Both individuals and corporations can face serious consequences for violating this federal law. If an individual is convicted of industrial espionage, they can face a maximum of 10 years in prison in addition to $500,000 in fines. Authorities can also impose millions of dollars in fines on corporations that conduct industrial espionage.

What Are Notable Cases of Industrial Espionage?

A number of industrial espionage cases have made headlines since the EEA was passed in 1996.

One of the first industrial espionage cases prosecuted under this federal law occurred in 1997. An engineer who helped Gillette develop its new shaving system sent drawings of the product’s design to three of the company’s competitors, BIC, American Safety Razor and Warner-Lambert. The engineer admitted to engaging in this illegal activity and claimed he did it because he was angry with his boss.

Another famous industrial espionage case emerged in 2009, when Starwood Hotels & Resorts took legal action against Hilton Hotels. Starwood claimed that two former executives who were later hired by Hilton stole information from the company in order to provide it to their new employer. The two executives were heavily involved in the development of Starwood’s luxury line of hotels, and planned on using the information to help Hilton launch a new, similar line of their own.

A project manager at Kodak was also found guilty of industrial espionage shortly after the EEA was passed. The project manager stole thousands of confidential documents from Kodak before leaving the company to start his own consulting firm. He also continued to receive stolen documents after leaving the company from the person who replaced him as project manager at Kodak. These documents included product drawings, plans, operation manuals, and other confidential information. He intended on cashing in by selling this information to Kodak’s competitors. Even though the documents were worth millions of dollars, he had only received $26,000 before being caught by authorities.

Industry espionage is widespread and can affect businesses across all industries.

How Can You Prevent Industrial Espionage?

It’s estimated that the cost of cybercrime and industrial espionage to the world economy is over $445 billion per year. Fortunately, there are many ways to avoid the substantial cost of industrial espionage and protect your company. Here’s what to do:

Use Employee Monitoring Software

Employee monitoring software can play an invaluable role in the fight against industrial espionage. This software is designed to monitor and record your employees’ digital activity, including instant messages, browser history, file downloads, emails, keystrokes, application usage, and more. It even takes screenshots and videos of your employees’ computer screens so you can see exactly what they are doing.

Having this information at your disposal can help you determine if any of your employees are engaging in industrial espionage. If one of your employees is acting as a corporate spy, you can use employee monitoring software to identify the actions before they happen, or use this recorded data as evidence in the case against them.

Furthermore, it can detect insider threats and notify you immediately if an employee engages in unusual or suspicious activity. For example, say an employee never accesses your company’s confidential client list. But today, they access and download it for the first time. The software may immediately notify you of this suspicious activity, which could indicate industrial espionage. This allows you to step in and take action to protect your company.

Establish Security Policies

Every company should have extensive security policies in place to prevent industrial espionage. These security policies should address:

  • How to create strong passwords
  • How to protect log-in credentials
  • How to detect phishing schemes and other forms of email fraud
  • How to handle sensitive data
  • Limits on the use of personal devices at work
  • Using the internet for business purposes only

Make sure every employee is trained on your company’s security policies. Training should be ongoing to ensure that employees are kept up to date on the latest cybersecurity news.

It’s also important to enforce the penalties for violating one of these security policies. This will show your employees that you are serious about protecting your company’s confidential information.

Conduct Background Checks

Performing a background check on every job candidate or new hire is essential to preventing industrial espionage. A comprehensive background check can help your company identify job candidates that could be acting as spies for competitors. By performing a background check, you can ensure that these spies never make it into your organization.

Establish A Termination Procedure

At some point, every business needs to terminate an employee for one reason or another. When the time comes, it’s important that your business has a termination procedure in place to reduce the risk of industrial espionage. This procedure should address:

  • How you will obtain company equipment, including smartphones, computers, and other devices, from the terminated employee.
  • How and when you will cut off the terminated employee’s access to your company’s sensitive information.
  • How you will discuss confidentiality and security concerns with the terminated employee before they leave.
  • How you will verify that the terminated employee has not downloaded, copied, sent, or stolen any sensitive data prior to their access being revoked.

Following these tips can help your company avoid becoming another industrial espionage victim.

Be Proactive in the Fight Against Industrial Espionage

Many companies wait until it’s too late to take action against industrial espionage. Don’t make this mistake. Now is the time to put measures in place that will protect your company and prevent industrial espionage.

Insider Risk – How Prepared Are You?

Insider Risk – How Prepared Are You?

Not every company is equally prepared to deal with insider risk. This report outlines the four stages of insider risk maturity and explores how to improve your insider risk preparedness.

About the author

Veriato Team
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Quis ipsum suspendisse ultrices gravida.

Insider Risk & Employee Monitoring Resources

Smart Year-End IT Investments- A Trifecta for ROI

Smart Year-End IT Investments- A Trifecta for ROI

Drive Productivity, Reduce Insider Risk, Enforce Compliance As the year wraps up, many IT, security, compliance, and HR teams have unspent budgets that won't roll over. Rather than scrambling for last-minute, low-value purchases, why not make smart, strategic...

Is IAM, SIEM, and DLP Enough to Combat Insider Risk?

Is IAM, SIEM, and DLP Enough to Combat Insider Risk?

Key Takeaways: Closing the Gaps in Traditional Security Tools: IAM, SIEM, and DLP are vital but insufficient in addressing insider risks. They focus on access control, event logs, and data protection without understanding the behavioral context that signals insider...