Corporate Espionage Part 3: Protect Your Company

Contributing Authors: Eric Celidonio, Lauren E. Perna, and Sheeva Azma

In the first two parts of this series we talked about real cases of IP theft, including our own. These cases are extreme, but still the threat should not be taken lightly. There are many precautions you can take to protect your company. Forbes outlines a list of ways companies typically shield themselves from corporate espionage. The best practices list takes into consideration both internal security issues, arising from current and past employees being able to access and leak data, as well as outsiders who are trying to get access to company information.

The most reasonable precaution is to conduct a security audit of both physical spaces and intellectual property (which can include anything from ideas being floated around the office to data located on your company’s servers).  The audit should also work to secure sources of data, such as USB drives or laptops, that could be stolen by a corporate spy walking through your building.

The list also suggests organizations take into consideration the ability of outsiders to visit their company. For example, major tech companies such as Apple and Google are typically located on a private road that is away from main thoroughfares in order to reduce visitor traffic and reduce spying and data loss.

Other ways companies can protect themselves include:

  • Universally adopt a well-written Confidentiality or Non-Disclosure Agreement (NDA) requirement for all interviewees in order to discourage would-be spies.
  • Make IP security a part of your corporate culture. Remind personnel with access to sensitive information what is in need of protection and how they can protect it, as well as the potential consequences of sensitive information loss.
  • Make sure visitors and interviewees are accompanied by an internal staff member and are not left alone in places where sensitive information is stored, such as offices and lab space.
  • Advise individuals without access to IP what they should do if they inadvertently come across IP or sensitive information.
  • Limit the number of copies of sensitive information as well as general access to printers, and encrypt sensitive information whenever possible.
  • Consider implementing user and entity behavior analytics (UEBA). UEBA utilizes machine learning and artificial intelligence-powered analytics to monitor activity and detect unusual behavior; it can be very effective in thwarting cyber spying and sabotage attempts.
  • Have role-based access privileges that are frequently reviewed and that are changed INSTANTLY with promotion, re-assignment, termination, re-organization, need to know, or other changes in employment status.

Roger Johnston, CEO of Right Brain Sekurity, in an interview with Digital Guardian, recommended deploying effective insider threat countermeasures with a focus on disgruntlement detection and mitigation techniques. He indicates that there are many motivations for an inside attack, but disgruntlement is one of the easiest to address. He recommends fair, effective, and widely used grievance and employee assistance programs. Treat all employees and contractors well (not just “fairly”), especially those with sensitive IP access and those who have been terminated. As we suggest in a recent article, there are different ways managers can appreciate their employees that are not to be overlooked.

When it comes to the candidate process, it’s about knowing what to look for:

  • The questions asked by the candidate are not relevant to the job–instead, they are focused more on intellectual property.
  • There is an insistence on seeing the lab, manufacturing facility, or cleanroom.
  • The job candidate’s LinkedIn seems incomplete (e.g., no picture, or very little information is included) or their resume lacks specific details.
  • Your company’s computer network is accessed from an unfamiliar location (i.e., indicating that spies or other malicious entities may have infiltrated your organization’s servers).

Conclusions

Corporate espionage may seem like something out of a Hollywood movie, but it is real and more common than you might think.  Unfortunately, the candidate interviewing process can serve as a unique opportunity for spies to gain access to sensitive and confidential information including company IP. That doesn’t mean you need to stop interviewing highly qualified candidates on the concern they might be spies. With proper precautionary measures and ongoing vigilance, you can mitigate risk and still build a stellar (spy-free) team.

 

References:

https://www.forbes.com/sites/betsyatkins/2019/02/12/learning-from-apples-spying-incidents-how-to-protect-your-company-from-corporate-espionage/#63e5f5246fb4

https://www.forbes.com/sites/quora/2017/06/05/how-do-fortune-500-protect-themselves-from-corporate-espionage/#4e76717a5ced

https://www.giac.org/paper/gsec/1587/corporate-espionage-101/102941

https://www.thebalancesmb.com/how-corporate-spies-could-be-watching-your-business-4165210

https://usnwc.libguides.com/c.php?g=661096&p=5258510

https://www.ekransystem.com/en/blog/prevent-industrial-espionaged

https://www.cio.com/article/2879575/how-corporate-spies-access-your-companys-secrets.html

https://www.inc.com/magazine/201302/george-chidi/confessions-of-a-corporate-spy.html

https://blogs.findlaw.com/free_enterprise/2017/05/3-tips-to-protect-against-corporate-espionage.html

https://www.csoonline.com/article/3285726/what-is-corporate-espionage-inside-the-murky-world-of-private-spying.html

https://securityintelligence.com/articles/10-myths-and-misconceptions-about-industrial-espionage/

http://ipcommission.org/report/IP_Commission_Report_052213.pdf

https://www.cnbc.com/2019/02/28/1-in-5-companies-say-china-stole-their-ip-within-the-last-year-cnbc.html

https://www.csoonline.com/article/2138380/intellectual-property-protection-10-tips-to-keep-ip-safe.html

https://digitalguardian.com/blog/how-to-secure-intellectual-property#Johnston

Corporate Espionage Part 2: Beyond the Interview Process

Contributing Authors: Eric Celidonio, Lauren E. Perna, and Sheeva Azma

In the first part of this series, we told the story of a candidate who used the interview process to steal proprietary information from a potential employer. The interview process can provide a perfect opportunity for IP theft, but theft can also take place under other clever circumstances. For example, previous employees of your organization may still be able to access sensitive corporate data on your company’s servers. Or current employees can be bribed, or can offer sensitive details in interviews or social settings. Some other examples include:

  • Trespassing on company property
  • Posing as an employee to gain on-site or IT access
  • Recording a phone conversation
  • Email phishing and server hacking

Technologies used in corporate espionage can include malicious USB drives, which contain malware that allows malicious entities to access corporate servers and steal data. In 2013, hackers working for the Chinese government stole trade secrets from U.S. and European aviation companies. Chinese hackers who visited the Suzhou headquarters of French aviation company Safran left a USB drive containing malware which allowed them to access corporate data.

However, corporate espionage technology doesn’t have to be sophisticated.  Recall that, in the example we related at the beginning of the article, Marc brought a pen camera with a microphone to record conversations and obtain trade secrets.  Corporate spies can steal computers or thumb drives, or use video or audio recording, to facilitate their intellectual property theft.

According to CSO Online, the most common IP breaches occur through:

  • External email like a Gmail or Yahoo account (51%)
  • Corporate email (46%)
  • File sharing via FTP (40%)
  • Collaboration tools like Slack or Dropbox (38%)
  • SMS or instant messaging apps like WhatsApp (35%)

Recent Cases of Corporate Espionage

Just a few weeks ago, a striking case of corporate espionage hit the local news. On December 10th, a Chinese national medical student was caught at Logan Airport smuggling vials of research specimens in his luggage. Zaosong Zheng, 29, came here on a Harvard University-sponsored visa and spent the past year doing cancer research at Beth Israel Hospital. Zheng was also caught with the laptop of a fellow Chinese researcher, who was in on his plan to steal the specimens, continue the research at home, and take credit for the work. This may sound rather brazen, but according to the Boston Globe it is not uncommon, as there have been about 18 similar cases at Logan Airport.

This case comes just a few months after several biotech leaders wrote an open letter to the NIH admonishing the dismissal of five Asian-American scientists from MD Anderson Cancer Center and Emory University on the basis they did not report their foreign ties.  These dismissals were part of a larger NIH campaign to address concerns of IP theft among foreign nationals, especially those from China. The target is often oncology, and with China encroaching on the U.S.’s progress, NIH feels their concerns are valid.  The biotech leaders worry the campaign is xenophobic and could hinder progress.

The NIH began their campaign in 2018 after several major cases of biopharma corporate espionage were made public, including one out of GSK’s Philadelphia R&D facility. A researcher pleaded guilty to stealing confidential research and sending it to China; she was working in conjunction with several other Chinese nationals. The other highly publicized case involved three scientists at Genentech transferring trade secrets to a Taiwanese competitor.

These cases illustrate how easily proprietary information can get into the wrong hands. The good news is that there are ways to make sure this doesn’t happen. In the final section of this piece, we’ll talk about how to protect yourself against such threats.

Corporate Espionage Part 1: When the Interview Process Becomes an Opportunity For Intellectual Property Theft

Contributing Authors: Eric Celidonio, Lauren E. Perna, and Sheeva Azma

Marc was the perfect candidate for a principal scientist job that we were having a difficult time filling. On paper, he was a well-qualified molecular biologist with degrees from top universities and impressive biochemistry skills. When our lead recruiter reached out to him, he played hard to get, but after a couple of attempts, he agreed to come in for an onsite interview.

Marc acted strangely during his interview–he was more interested in the facility than the actual job, frequently glanced around at his surroundings, and he asked a number of questions not related to the role.  Marc also requested a tour of the lab, which was provided by a junior team member.  By the end of the interview, it was clear that he wasn’t a fit for the role.  In fact, despite his impressive credentials on paper, he didn’t seem to have any transferable skills or interest in the role.

While most of the interviewers chalked up Marc’s strange demeanor to just being a poor candidate for the job, it turns out that Marc wasn’t there for a new job. He was using the interview process to access intellectual property for a foreign competitor.

Marc used the opportunity to gain access to key, confidential information. He even stole a couple of USB drives as well as documentation when he was left alone in an interviewer’s office and when he walked unescorted to the restroom.  He also brought an inexpensive pen camera with a microphone to record the discussion, effectively delivering accurate, sensitive detail with minimal effort.

Intellectual property (IP) theft via corporate espionage, also called industrial espionage, involves the theft of data meant for economic gain.  This type of spying occurs between companies, corporations, and sometimes foreign governments. The candidate interview process creates a unique opportunity for these transgressions.  Many interviewers might not even notice a stealth candidate taking a picture of a confidential whiteboard, stealing a USB drive, or taking a sensitive document left on a common printer.

Marc had signed a confidential disclosure agreement (CDA), meaning that he had agreed not to share the information learned in the interview with others. So the interviewers thought it was perfectly fine to share confidential information with him.  By the end of the interview, Marc knew platform secrets, what compounds were being investigated, and what programs were being advanced.  The CDA he had signed was meaningless–he provided the “lifted” information to an officer at a direct competitor outside the U.S.

Corporate Espionage: A Very Real and Expensive Threat

Corporate espionage can take many forms and can have a devastating impact on a company.  While it is outlawed by the Economic Espionage Act of 1996, unfortunately, it’s still a relatively common practice.  Some companies manage to spy on their competitors under the radar. The reverse situation of the one we encountered can also happen–an unsuspecting employee goes to a competing entity and is interviewed on the basis of “leaking” proprietary or sensitive information. Many corporate spies do not get caught or are caught after it’s too late and the intellectual property has been transferred.

According to the U.S. Commission on Theft of American Intellectual Property, the annual cost to the U.S. economy is on the order of hundreds of billions of dollars.  This cost continues to exceed $225 billion and could be as high as $600 billion to U.S. corporations. Life science companies are some of the hottest targets. China alone has stolen IP from one in five US companies in 2019 according to a CNBC Poll.

This high cost includes not only lost IP but also financial information, marketing strategies, projects in development, pricing, and employee personal information. In addition to a potential competitive setback, such losses can tarnish a company’s reputation as a leader and an innovator. Biotech is uniquely susceptible to espionage due to its fast pace, frequent directional change, and often poorly governed processes.

Now that we’ve told our real life tale of a biotechnology spy, in the next section we’ll review other ways companies could open themselves up for IP theft.

The Key to Recruiting Success: Social Media 

Social recruiting is no longer a novelty—it’s the cornerstone of a successful recruiting strategy and is an essential tool for businesses looking to market themselves online. Utilizing your social pages and profiles to advertise open positions will help you reduce recruiting costs compared to more traditional methods and is more likely to result in a good cultural match for your company.

Attracting Employees via Social Media

Sharing job openings on social media is a great first step, but you can use these tips to take your company’s social recruitment to the next level.

Spotlight Company Culture

Your business becomes infinitely more relatable when you discuss company culture online. This not only attracts customers and clients, but potential job candidates as well. If someone is already a follower of your company’s social media, there’s a pretty good chance that they connect with you on a personal level and that their values align with your brand. This eliminates the need to ask candidates what they know about your company because they’re already well informed.

Show Off Your Employees

Everyone wants to feel valued. Use your company’s social media to show off your employees and their accomplishments. These images will also show potential candidates what their colleagues would be like and give them a feel for whether or not they could fit into the dynamic. Check out Apple CEO Tim Cook’s Twitter page. He is a great example of showing off and praising employees on a regular basis.

Publish Valuable Content

Potential employees and customers need a reason to follow you. Publishing valuable content is a great way to convince them. The easiest way to expand your reach and then keep those followers is posting at least once per weekday. Share original content or relevant posts from an external source that you believe will benefit your audience.

Use a Social Media Management Platform

Don’t let social media and the need to post on multiple platforms scare you. Programs like Buffer, HootSuite, HubSpot, MeetEdgar, TweetDeck, Sprout Social, etc. bring all of your accounts into one convenient place for you to manage.

Strive for Rich Media

Text-only posts are boring and won’t stand out. In fact, posts on LinkedIn that include images receive 98 percent more comments compared to those that don’t. Adding videos to your posts is another great way to include rich media.

Encourage Employee Participation

Employees are the face of your brand and encouraging them to share workplace culture will only benefit your recruitment efforts. Follow employees with your company’s accounts and share their posts about work in order to add authenticity to your pages.

Social Platforms

LinkedIn

LinkedIn is the most professional social networking site and boasts over 560 million users. With over 40 million students and recent college graduates on the site, it is a great place to recruit new talent entering the workforce.

The first step to recruiting on LinkedIn is setting up a company page. LinkedIn provides you with the template, so all you have to do is fill in the details. Once your page is set up, it is important to add followers in order to expand your company’s reach.

LinkedIn Recruiter

LinkedIn Recruiter is a platform within the social network created to help recruiters find, connect with and manage candidates. This tool also allows you to connect to your applicant tracking system (ATS) in order to collaborate with others more efficiently, save time, and ensure accuracy across systems.

Groups

Use LinkedIn Groups to connect with other professionals in your field, kind of like a virtual professional association. Posting job openings in those groups will allow you to target the specific candidates you are looking for.

Ads

Use targeted ads to attract potential candidates to your job openings. LinkedIn allows you to home in on specific people by several factors, including job function, seniority, company name, geography, industry, skills, field of study and more.

Facebook

Facebook is the largest social network with more than 1.5 billion members. The site was originally intended to connect friends, family and coworkers, but has expanded to include organizations, businesses and interests.

Job Openings Tab

Create a custom job openings tab on your Facebook page for current openings. This way, you can attract applicants out of the pool of followers you already have and potentially increase the number of qualified applicants to your open positions.

Ads

Like LinkedIn, Facebook offers targeted ads, which you could use to promote job openings. Facebook Core Audiences helps you select the right recipients for your ad based on several factors such as location, demographics, behavior, connections and interests.

Twitter

According to research, 85 percent of followers feel more connected with a small business after following them on Twitter and 42 percent of Twitter users use the site to learn more about products and services.

Hashtags

Using hashtags will expand your audience by allowing people to find tweets that interest them. The first step is to come up with a hashtag that will be used with all recruitment-related posts. It should be simple, unique and relevant. Starbucks uses #sbuxjobstalk and Disney uses #LifeAtDisney.

It is also wise to use existing broad hashtags so that more people will see your posts. Terms like #jobs, #jobsearch, #jobhunt, #careers and #jobopening will help people find you.

Instagram

Instagram is now the king of social engagement, according to a report by Forrester, so if you want to attract high quality candidates via social media, a business account is a must-have.

Keep it real

Instagram is very visual, so take real photos and video of your products and employees to give potential candidates a sneak peek into what it’s like to work at your company—the work, the play and everything in between. Take Novartis’ lead and share stories from patients who have benefited from using your products.

YouTube

Half of all Internet users (about 1.9 billion users) visit YouTube every month and they watch billions of hours of video. That means that there is a huge untapped pool of potential candidates waiting for you on the social network.

Utilize Video Marketing

Creating a short, fun video about what it’s like to work at your company and why candidates should apply for a job opening is a great way to use video marketing to your advantage.

Your Website or Blog

Don’t forget to create a permanent Careers page on your website to post job listings. This is a great place to link back to from social posts so that candidates can easily find out more information on your company.

Boston Biotech: It Keeps Getting Better

If you’re in the biotech industry in Boston, you couldn’t be in a better place. Well, technically the whole state of Massachusetts is the place to be, but we’re a little biased towards the capital. In fact, Massachusetts, and more specifically, the Boston metropolitan area, has surpassed California and is now the top biotech hub in the world by the metric of the total number of people employed in the industry.

The Massachusetts Biotechnology Education Foundation’s (MassBioEd) most recent job trends forecast reported some encouraging statistics for those currently in or thinking of joining the industry.

Explosive Growth Predicted to Continue

According to MassBioEd’s summary, the industry exceeded 70,000 jobs for the first time and it’s not slowing down anytime soon.

  • Since 2014, the Massachusetts life sciences industry has grown at approximately double the rate of both the state and U.S. economies.
  • The total amount of job listings exceeded 27,700 in 2017. Of those, over 16,000 were STEM/Technical positions.
  • The Massachusetts biotech sector will add almost 12,000 new jobs by 2023.
  • Eighty-three percent of life sciences companies reported plans to expand their headcount in the next 12 months.

Growing Pains are Unavoidable?

Rapid growth will inevitably pose several challenges to the industry, including:

  • Longer recruitment cycles: 65 percent of organizations surveyed reported that the average time it took to fill an opening was over 10 weeks, compared to the national average, which is only about 30 days.
  • Clinical research was named by 31 percent of companies surveyed as the hardest area to find qualified candidates in, followed by openings in Regulatory Affairs, Quality, and Research & Development roles—which also happen to be the top four areas that life sciences organizations plan to expand. This means that recruiting candidates to fill these roles is going to quickly become even more challenging.
  • Job openings requiring an Associate’s Degree and Ph.D. saw much higher levels of growth in demand compared to supply.
  • Colleges and universities have improved somewhat, but are still struggling to produce a sufficient number of graduates to fill entry-level positions for certain types of roles.
  • Specialization in these positions means that new workers cannot simply be poached from another industry or sector.
  • Twenty-nine percent of companies said that they had formal diversity initiatives—for either gender or race/ethnicity—at the contributor level, 28 percent at the management level and 17 percent at the board level.
  • Sixty percent of companies reported that they had no formal diversity initiatives.

Largest Life Science Companies in Massachusetts

The Boston area is home to almost 1,000 biotech companies, including both pharma giants and small startups. According to the Boston Business Journal, these are the top five largest life science companies in the state of Massachusetts as of August 2018:

| Firm | Mass. Employees | Total Employees | Total 2017 Revenue | Company’s Main Product/Service Focus |
| --- | --- | --- | --- | --- |
| Sanofi, 50 Binney St., Cambridge, MA 02142, sanofi.com | 4,800 | 100,000 | $41,088,250,000 | Specialty care, primary care, vaccines and consumer health care |
| Shire PLC, 300 Shire Way, Lexington, MA 02421, shire.com | 3,059 | 23,000 | 15,200,000,000 | Therapeutic areas including immunology, hematology, neuroscience, genetic diseases, internal medicine, ophthalmics and oncology |
| Takeda Pharmaceutical Co. Ltd., 40 Landsdowne St., Cambridge, MA 02139, takeda.com | 2,700 | 30,000 | NA | Oncology, gastroenterology, CNS and vaccines |
| Biogen, 225 Binney St., Cambridge, MA 02142, biogen.com | 2,400 | 7,200 | $12,300,000,000 | Therapies for people living with serious neurological and neurodegenerative diseases |
| Novartis, 181 Massachusetts Ave., Cambridge, MA 02139, novartis.com | 2,337 | 129,222 | $49,100,000,000 | Broad range of medicines for a variety of diseases/conditions |

The bottom line? Biotech is booming in Boston.

And if you’re a biotech recruiter, don’t be surprised if it takes a little longer to fill all of your vacant positions. Sci.bio is here to help make that process smoother when you decide to outsource your recruiting efforts.