Innovation in science, technology, engineering, and other areas moves fast. There has never been a more important time to safeguard your company’s trade secrets—especially as most companies have at least part of their workforce operating remotely, which can potentially expose your company’s sensitive information to security shortfalls.
While the Economic Espionage Act (EEA) exists to help deter would-be data thieves, the law alone cannot ensure your company’s trade secrets are secure. Taking the right steps to improve both cybersecurity and physical data security is critical to protecting your trade secrets. This article examines the EEA and the steps you can take to help protect your information.
What Is the Economic Espionage Act?
The EEA was passed in 1996 and made spying on private companies and stealing their trade secrets a federal offense. It criminalizes two main types of trade secret theft. First, it covers instances when the culprit steals confidential competitive information to cause company harm or gain an unfair advantage.
Second, the law covers economic espionage, which happens when trade secrets are stolen with the knowledge and for the benefit of a foreign power. Motives for economic espionage often go beyond profit or gain. For example, stolen information may be used to close the technology gap between countries or gain a market share advantage. The federal government estimates that economic espionage costs the U.S. between $225 and $600 billion annually. However, many cases go unreported because afflicted companies do not want to negatively impact their stock value if a breach becomes public.
What Is Considered a Trade Secret?
Under the EEA, trade secrets are any sensitive financial, business, scientific, technical, economic, or engineering information that a company considers private. They can be plans, formulas, designs, prototypes, methods, or processes and take physical, electronic, graphic, photographic, or written form. The economic value of the information stems from the fact that it is not generally known or available to the public.
What Are the Penalties for Violating the EEA?
Penalties for stealing trade secrets include imprisonment for up to 15 years and fines up to $5 million for individuals. Penalties are even greater for organizations.
Who Qualifies for Protection Under the EEA?
To qualify for protection under the EEA, the owner of the information must be able to show they took “reasonable measures” to protect the information. This may include encrypting data, limiting access, following secure document destruction procedures, and other mitigation strategies.
Five Ways to Prevent the Theft of Trade Secrets
Trade secrets can be stolen by people inside and outside of your organization. As such, it’s important to have a multifaceted program for keeping confidential company information safe. Here are a few best practices to consider.
- Develop clear document storage, retention, and disposal policies. These should cover electronic and paper-based information and provide details about what protection methods apply to which types of information. Policies should be reviewed regularly to make sure they address any new intellectual property and reflect the latest information security best practices.
- Provide frequent staff training. All staff should receive training on how to keep confidential company information safe and the importance of doing so. Such training should take place at orientation and at least annually. Topics should include how to recognize phishing attacks, the importance of password hygiene, the value of a clean desk policy, how to avoid inadvertent disclosure, and the need for proper document disposal and hard drive destruction. An organization should also address how staff can anonymously report anything that seems unusual, such as co-workers working odd hours without authorization or taking home company proprietary information.
- Control and limit access to sensitive material. By restricting who has access to trade secrets, you can reduce the risk of theft. You may want to provide additional training to employees who have been granted access, so they fully appreciate the importance of their role in avoiding a breach. Having them sign a non-disclosure agreement is also wise to reinforce the seriousness of sharing confidential information, even accidentally. Adding controls such as two-factor authentication can also help minimize the risk of data being accessible to outsiders.
- Maintain robust cyber security. As businesses exchange more information electronically, it is critical to install thorough IT safeguards that reduce the risk of a breach and provide early warning if there is a security compromise. Possible protections include use of virtual private networks (VPN) to encrypt communications, anti-virus software, firewalls, system monitoring, and data loss prevention tools. Continually improving the overall cyber security program, including business practices, processes, and technologies is essential to reduce risk of compromise.
- Commit to regular, secure document destruction. Although more and more businesses are going paperless, there is still a significant amount of paper generated during the workday—and some of it may contain confidential company information, including trade secrets. Securely destroying outdated and unused documents can help prevent the data from becoming compromised.
Why Commit to Regular, Secure Document Destruction With Shred-it
- By having a certified document destruction service like Shred-it regularly come on-site to retrieve and securely destroy private papers that are no longer needed, you can rest assured that your company’s intellectual property remains safe.
- Shred-it exceeds National Association for Information Destruction (NAID) requirements, which means we follow all known data protection laws and undergo scheduled and surprise audits conducted by trained, accredited security professionals.
- We offer a secure chain of control from the point of disposal through destruction, using tamper-proof containers to hold documents until they are shredded, as well as locked, GPS-tracked trucks and secure totes to keep documents safe in transit. Our drivers and technicians undergo a thorough screening process, and we have robust systems for securing and monitoring our facilities.
- We use industrial-grade equipment to turn paper documents into confetti-like pieces that cannot be reconstructed, limiting the chances of theft even further. Hard drive destruction is also available, so you can make sure any proprietary information or trade secrets stored on legacy electronic devices are completely destroyed.
Learn more about how Shred-it’s information security services can help your organization protect its information and reduce the risk of trade secret theft.