Join us as we advance disease-modifying gene therapies for genetic conditions.
Chances are if you’re reading this, you’ve been hired or done the hiring at some point over the last decade. So, you’ve probably noticed that the field of Human Resources is constantly changing and developing. For example, what was once simply staffing or recruiting is now called Talent Acquisition Services —a suite of services and processes intended to attract, source and hire new talent into an organization. There’s also been a major shift in employee benefits—ones that were nice to have are now expected. Factors that were once an afterthought—confidentiality agreements, diversity and inclusion programs, professional development—are now front and center of most HR teams. Because of all these changes, another shift has been the outsourcing of many HR functions that were once exclusively done in-house.
While some companies wholly outsource HR to a single outside firm, it’s a more common practice to divvy up functions to a range of outside providers. This approach is a common occurrence in fast-paced industries like biotech and high-tech, but the trouble is using multiple vendors negates volume discounting and leads to a lack of synergy.
Utilizing a Recruitment Process Outsourcing (RPO) Model is an ideal way of consolidating vendors for cost reduction. However, for many hiring managers and staffers, the thought of outsourcing the recruiting function can feel intimidating. This is understandable. There are many benefits, but there are also some risks both financially and legally.
However, the real risk is not mobilizing quick enough with the requisite support to bring in top talent.
RPO is often a better means for companies to effectively and quickly scale their recruiting needs based on demand and complexity. It allows companies to focus on their core business operations and provides service through a defined set of processes and activities as outlined by the client company.
RPO providers usually include back-end resources that regular full-time or contact recruiters can’t offer. In addition, RPO providers can more easily bolt-on services such as additional recruiting support, job marketing support, sourcing, scheduling, etc. An added benefit is that these services are oft included at a nominal price or as part of their service provision, resulting in a lower cost-per-hire and the ability to scale quicker.
The types of RPO include:
- Enterprise RPO: a company-wide outsourcing of most or all of the sourcing and recruiting processes to an RPO provide
- Project Based RPO: relegated to a smaller, contained effort, generally a specific scope of time and/or number of positions.
- Specific Service RPO: outsourcing of specific parts of the recruiting process to increase for example, the quality of candidates, the efficiency of the process and/or other parts of the process.
Advantages of RPO:
- Strategic Approach: RPOs utilize a team-based approach and an economy of scale to offer process improvements and better execute specialized tasks such as sourcing and on-boarding.
- Industry Expertise: Knowing where talent is found, how it is evolving, and common industry challenges is critical to the success of recruiting efforts. RPO providers have the experience, bandwidth, and resources to provide and utilize industry insight to build effective recruiting strategies.
- Attract More Talent: RPOs recognize that attracting great candidates is about effectively communicating an organizations goals, mission, values and the positive things that make it a great place to work.
- Multiple Applicant Channels: A Contract Recruiter is only one channel – themselves, whereas an RPO can manage and measure different channels, such as job boards, job events, referral, or the corporate website.
- Loyalty: An RPO provider is loyal to its client and is positioned to aid the success of the entire recruiting strategy. The contacts made during the recruitment process are assets of the company, not the recruiter, like with a contractor. They genuinely want to make sure a potential employee has the best hiring and onboarding experience.
- Scalable: RPOs can scale to increased demands for talent, and they can do it quickly. Most RPO providers offer tiered services with a ‘pay for what you need’ model as well as the flexibility for onsite, remote, or blended approach.
With the benefits and flexibility provided by RPO, it’s easy to see why the market is growing quickly. Market Watch predicts RPO growth of over 20% by 2022.
What to think about when considering an RPO:
- Cost: Cost per Hire ($) = [Total External Costs] + [Total Internal Costs] / Total Number of Hires. Costs of hiring factors in advertising job postings, conducting background screenings, and investing in recruiting and applicant tracking software. In partnering with an RPO vendor, all these expenses are rolled into one cost that’s often lower than what you pay if you paid for these services individually.
- Time: Is your team is working well beyond a 40-hour work week and yet, just never seems to have enough time to get everything done?
- Process Quality: Are you cutting corners in your hiring process? This can be due to limitations in time and resources, but it can also be due to an approach that lacks consistency, focus and follow through.
- Candidate Quality: Are you organically attracting the best talent for your organization? Are you using a full array of tools and measures to source, attract and vet manage candidate flow and advance your employer brand?
- Vertical Expertise: Does your recruiter really know the industry? RPOs that know the competitive landscape, job types, compensation ranges will provide a better foundation for service and provide more sophistication.
What to ask an RPO:
- What differentiates your firm from others?
- What is the scope of your services? What resources do you offer?
- Can you provide specific cost itemization so we can compare your approach versus others?
- What measures will you take to ensure that we meet our goals and timelines in hiring?
- Do you have any noncompete or non-solicitation specifics?
- Are you working with direct competitors or companies that pose conflict, i.e. strategic partners and embargoed companies?
- How scalable is your service if we need to ramp up? What level of flexibility do you offer if things don’t work out or if business conditions change?
- Can you provide client references and insight on previous projects with other clients?
- How will partnering with your firm strengthen our talent brand in the long run?
RPO Pricing Models:
- Management fee (monthly, weekly or hourly): Fee for agreed-upon number of positions.
- Cost per hire: Fee charged per each hire.
- Management plus cost per hire: Combination of the above two.
- Cost per slate: Fee for a set number of sourced, screened and qualified candidates for each open position.
- Cost per transaction: A fee is charged for a specific process, such as initial screening or reference checks.
By partnering with the an RPO provider, organizations can offboard the entire application process from sourcing, brand promotion, the management of applicant channels, ancillary paperwork and pre-employment screening or simply one part of that process. The options aren’t binary, and an existing talent acquisition team can pair nicely with an RPO partnership. As with any strategic partnership, there needs to be specific goal outlined.
A good RPO partner can leverage focus and economy of scale in its operation. A great RPO partner can leverage expertise in search selection, technology and process efficiencies to truly elevate hiring operations and overall success.
Contributing Authors: Eric Celidonio and Lauren E. Perna
In the first two parts of this series we talked about real cases of IP theft, including our own. These cases are extreme, but still the threat should not be taken lightly. There are many precautions you can take to protect your company. Forbes outlines a list of ways companies typically shield themselves from corporate espionage. The best practices list takes into consideration both internal security issues, arising from current and past employees being able to access and leak data, as well as outsiders who are trying to get access to company information.
The most reasonable precaution is to conduct a security audit of both physical spaces and intellectual property (which can include anything from ideas being floated around the office to data located on your company’s servers). The audit should also work to secure sources of data, such as USB drives or laptops, that could be stolen by a corporate spy walking through your building.
The list also suggests organizations take into consideration the ability of outsiders to visit their company. For example, major tech companies such as Apple and Google are typically located on a private road that is away from main thoroughfares in order to reduce visitor traffic and reduce spying and data loss.
Other ways companies can protect themselves include:
- Universally adopt a well-written Confidentiality or Non-Disclosure Agreement (NDA) requirement for all interviewers in order to discourage would-be spy agents.
- Make IP security a part of your corporate culture. Remind personnel with access to sensitive information what is in need of protection and how they can protect it, how to protect it as well as the potential consequences of sensitive information loss.
- Make sure visitors and interviewers are accompanied by an internal staff member and not be left alone places where sensitive information is stored such as offices and lab space.
- Advise individuals without access to IP what they should do if they inadvertently come across IP or sensitive information.
- Limit the number of copies of sensitive information as well as general access to printers, encrypt sensitive information whenever possible.
- Consider implementing user and entity behavior analytics (UEBA). UEBA utilizes machine learning and artificial intelligence-powered analytics to monitor activity and detect unusual behavior; it can be very effective in thwarting cyber spying and sabotage attempts.Consider implementing user and entity behavior analytics (UEBA). UEBA utilizes machine learning and artificial intelligence-powered analytics to monitor activity and detect unusual behavior; it can be very effective in thwarting cyber spying and sabotage attempts.
- Have role-based access privileges that are frequently reviewed and that are changed INSTANTLY with promotion, re-assignment, termination, re-organization, need to know, or other changes in employment status.
Roger Johnson, CEO of Right Brain Sekurity, in an interview with Digital Guardian recommended deploying effective insider threat countermeasures with a focus on disgruntlement detection and mitigation techniques. He indicates that there are many motivations for an inside attack, but disgruntlement is one of the easiest to address. He recommends fair, effective, and widely used grievance and employee assistance programs. Treat all employees and contractors well (not just “fairly”), especially those with sensitive IP access and those who have been terminated. As we suggest in a recent article, there are different ways managers can appreciate their employees that are not to be overlooked.
When it comes to the candidate process, it’s about knowing what to look for:
- The questions asked by the candidate are not relevant to the job–instead, they are focused more on intellectual property.
- There is an insistence on seeing the lab, manufacturing facility, or cleanroom.
- The job candidate’s LinkedIn seems incomplete (e.g., no picture, or very little information is included) or their resume lacks specific details.
- Your company’s computer network is accessed from an unfamiliar location (i.e., indicating that spies or other malicious entities may have infiltrated your organization’s servers).
Corporate espionage may seem like something out of a Hollywood movie, but it is real and more common than you might think. Unfortunately, the candidate interviewing process can serve as a unique opportunity for spies to gain access to sensitive and confidential information including company IP. That doesn’t mean you need to stop interviewing highly qualified candidates on the concern they might be spies. With proper precautionary measures and ongoing vigilance, you can mitigate risk and still build a stellar (spy-free) team.
Interested in getting the entire 3 part series in your inbox? Enter your details below:
Contributing Authors: Eric Celidonio and Lauren E. Perna
In the first part of this series, we told the story of a candidate that used the interview process to steal proprietary information from a potential employee. The interview process can provide a perfect opportunity for IP theft, but it can take place under other clever circumstances. For example, previous employees of your organization may still be able to access sensitive corporate data on your company’s servers. Or current employees can be bribed and or offer sensitive detail in interviews or social settings. Some other examples include:
- Trespassing on company property
- Posing as an employee to gain on sight or IT access
- Recording a phone conversation
- Email phishing and server hacking
Technologies used in corporate espionage technologies can include hacking USBs, which can contain malware which allows malicious entities to access corporate servers to steal data. In 2013, hackers working for the Chinese government stole trade secrets from U.S. and European aviation companies. Chinese hackers who visited the Suzhou headquarters of French aviation company Safran left a USB drive containing malware which allowed them to access corporate data.
However, corporate espionage technology doesn’t have to be sophisticated. Recall that, in the example we related at the beginning of the article, Marc brought a pen camera with a microphone to record conversations and obtain trade secrets. Corporate spies can steal computers or thumb drives, or use video or audio recording, to facilitate their intellectual property theft.
According to CSO online the most common IP breaches occur through:
- External email like a Gmail or Yahoo account (51%)
- Corporate email (46%)
- File sharing via FTP (40%)
- Collaboration tools like Slack or Dropbox (38%)
- SMS or instant messaging apps like Whatsapp (35%)
Recent Cases of Corporate Espionage
Just a few weeks ago, a striking case of corporate espionage hit the local news. On December 10th, a Chinese National medical student was caught at Logan Airport smuggling vials of research specimens in his luggage. Zaosong Zheng, 29, came here on a Harvard University sponsored visa and spent the past year doing cancer research at Beth Israel Hospital. Zheng was also caught with the laptop of a fellow Chinese researcher, who was in on his plan to steal the specimens, continue the research at home, and take credit for the work. This may sound rather brazen, but according to the Boston Globe it is not uncommon, as there have been about 18 similar cases at Logan Airport.
This case comes just a few months after several biotech leaders wrote an open letter to the NIH admonishing the dismissal of five Asian-American scientists from MD Anderson Cancer Center and Emory University on the basis they did not report their foreign ties. These dismissals were part of a larger NIH campaign to address concerns of IP theft among foreign nationals, especially those from China. The target is often oncology, and with China encroaching on the U.S.’s progress, NIH feels their concerns are valid. The biotech leaders worry the campaign is xenophobic and could hinder progress.
The NIH began their campaign in 2018 after several major cases of biopharma corporate espionage were made public, including one out of GSK’s Philadelphia R&D facility. A researcher pleaded guilty to stealing confidential research and sending it to China; she was working in conjunction with several other Chinese nationals. The other highly publicized case involved three scientists at Genetech transferring trade secrets to a Taiwannese competitor.
These cases illustrate how easily proprietary information can get into the wrong hands. The good news is that there are ways to make sure this doesn’t happen. In the final section of this piece, we’ll talk about how to protect yourself against such threats.
Interested in getting the entire 3 part series in your inbox? Enter your details below:
Corporate Espionage Part 1: When the Interview Process Becomes an Opportunity For Intellectual Property Theft
Contributing Authors: Eric Celidonio and Lauren E. Perna
Marc was the perfect candidate for a principal scientist job that we were having a difficult time filling. On paper, he was a well-qualified molecular biologist with degrees from top universities and impressive biochemistry skills. When our lead recruiter reached out to him, he played hard to get, but after a couple of attempts, he agreed to come in for an onsite interview.
Marc acted strangely during his interview–he was more interested in the facility than the actual job, frequently glanced around at his surroundings, and he asked a number of questions not related to the role. Marc also requested a tour of the lab, which was provided by a junior team member. By the end of the interview, it was clear that he wasn’t a fit for the role. In fact, despite his impressive credentials on paper, he didn’t seem to have any transferable skills or interest in the role.
While most of the interviewers chalked up Marc’s strange demeanor to just being a poor candidate for the job, it turns out that Marc wasn’t there for a new job. He was using the interview process to access intellectual property for a foreign competitor.
Marc used the opportunity to gain access to key, confidential information. He even stole a couple of USB drives as well as documentation when he was left alone in an interviewer’s office and when he walked unescorted to the restroom. He also brought an inexpensive pen camera with a microphone to record the discussion, effectively delivering accurate, sensitive detail with minimal effort.
Intellectual property (IP) theft via corporate espionage, also called industrial espionage, involves the theft of data meant for economic gain. This type of spying occurs between companies, corporations, and sometimes foreign governments. The candidate interview process creates a unique opportunity for these transgressions. Many interviewers might not even notice a stealth candidate taking a picture of a confidential whiteboard, stealing a USB drive, or taking a sensitive document left on a common printer.
Marc had signed a confidential disclosure agreement (CDA), meaning that he had agreed not to share the information learned in the interview with others. So the interviewers thought it was perfectly fine to share confidential information with him. By the end of the interview, Marc knew platform secrets, what compounds were being investigated, and what programs were being advanced. The CDA he had signed was meaningless–he provided the “lifted” information to an officer at a direct competitor outside the U.S.
Corporate Espionage: A Very Real and Expensive Threat
Corporate espionage can take many forms and can have a devastating impact on a company. While it is outlawed by the Economic Espionage Act of 1996, unfortunately, it’s still a relatively common practice. Some companies manage to spy on their competitors under the radar. The reverse situation of the one we encountered can also happen–an unsuspecting employee goes to a competing entity and is interviewed on the basis of “leaking” proprietary or sensitive information. Many corporate spies do not get caught or are caught after it’s too late and the intellectual property has been transferred.
According to the U.S. Commission on Theft of American Intellectual Property, the annual cost to the U.S. economy is on the order of hundreds of billions of dollars. This cost continues to exceed $225 billion and could be as high as $600 billion to U.S. corporations. Life science companies are some of the hottest targets. China alone has stolen IP from one in five US companies in 2019 according to a CNBC Poll.
This high cost includes not only lost IP but also financial information, marketing strategies, projects in development, pricing, and employee personal information. In addition to a potential competitive setback, such losses can additionally tarnish a company’s reputation as a leader and an innovator. Biotech is uniquely susceptible to espionage due to its fast pace, frequent directional change, and often poorly governed processes.
Now that we’ve told our real-life tale of a biotechnology spy, in the next section we’ll review other ways companies could open themselves up for IP theft.