When the  Interview Process Becomes an Opportunity For Intellectual Property Theft

When the Interview Process Becomes an Opportunity For Intellectual Property Theft

Marc was the perfect candidate for a principal scientist job that we were having a difficult time filling. On paper, he was a well-qualified molecular biologist with degrees from top universities and impressive biochemistry skills. When our lead recruiter reached out to him, he played hard to get, but after a couple of attempts, he agreed to come in for an onsite interview.

Marc acted strangely during his interview–he was more interested in the facility than the actual job, frequently glanced around at his surroundings, and he asked a number of questions not related to the role. Marc also requested a tour of the lab, which was provided by a junior team member. By the end of the interview, it was clear that he wasn’t a fit for the role. In fact, despite his impressive credentials on paper, he didn’t seem to have any transferable skills or interest in the role.

While most of the interviewers chalked up Marc’s strange demeanor to just being a poor candidate for the job, it turns out that Marc wasn’t there for a new job. He was using the interview process to access intellectual property for a foreign competitor.

Marc used the opportunity to gain access to key, confidential information. He even stole a couple of USB drives as well as documentation when he was left alone in an interviewer’s office and when he walked unescorted to the restroom. He also brought an inexpensive pen camera with a microphone to record the discussion, effectively delivering accurate, sensitive detail with minimal effort.

Intellectual property (IP) theft via corporate espionage, also called industrial espionage, involves the theft of data meant for economic gain. This type of spying occurs between companies, corporations, and sometimes foreign governments. The candidate interview process creates a unique opportunity for these transgressions. Many interviewers might not even notice a stealth candidate taking a picture of a confidential whiteboard, stealing a USB drive, or taking a sensitive document left on a common printer.

Marc had signed a confidential disclosure agreement (CDA), meaning that he had agreed not to share the information learned in the interview with others. So the interviewers thought it was perfectly fine to share confidential information with him. By the end of the interview, Marc knew platform secrets, what compounds were being investigated, and what programs were being advanced. The CDA he had signed was meaningless–he provided the “lifted” information to an officer at a direct competitor outside the U.S.

Corporate Espionage: A Very Real and Expensive Threat

Corporate espionage can take many forms and can have a devastating impact on a company. While it is outlawed by the Economic Espionage Act of 1996, unfortunately, it’s still a relatively common practice. Some companies manage to spy on their competitors under the radar. The reverse situation of the one we encountered can also happen–an unsuspecting employee goes to a competing entity and is interviewed on the basis of “leaking” proprietary or sensitive information. Many corporate spies do not get caught or are caught after it’s too late and the intellectual property has been transferred.

decorative

According to the U.S. Commission on Theft of American Intellectual Property, the annual cost to the U.S. economy is on the order of hundreds of billions of dollars. This cost continues to exceed $225 billion and could be as high as $600 billion to U.S. corporations. Life science companies are some of the hottest targets. China alone has stolen IP from one in five US companies in 2019 according to a CNBC Poll.

This high cost includes not only lost IP but also financial information, marketing strategies, projects in development, pricing, and employee personal information. In addition to a potential competitive setback, such losses can additionally tarnish a company’s reputation as a leader and an innovator. Biotech is uniquely susceptible to espionage due to its fast pace, frequent directional change, and often poorly governed processes.

Corporate Espionage Beyond the Interview Process

While the interview process provides a perfect opportunity for IP theft, it can take place under other clever circumstances. For example, previous employees of your organization may still be able to access sensitive corporate data on your company’s servers. Or current employees can be bribed and or offer sensitive detail in interviews or social settings. Some other examples include:

  • Trespassing on company property
  • Posing as an employee to gain on sight or IT access
  • Recording a phone conversation
  • Email phishing and server hacking

Technologies used in corporate espionage technologies can include hacking USBs, which can contain malware which allows malicious entities to access corporate servers to steal data. In 2013, hackers working for the Chinese government stole trade secrets from U.S. and European aviation companies. Chinese hackers who visited the Suzhou headquarters of French aviation company Safran left a USB drive containing malware which allowed them to access corporate data.

However, corporate espionage technology doesn’t have to be sophisticated. Recall that, in the example we related at the beginning of the article, Marc brought a pen camera with a microphone to record conversations and obtain trade secrets. Corporate spies can steal computers or thumb drives, or use video or audio recording, to facilitate their intellectual property theft.

According to CSO online the most common IP breaches occur through:

  • External email like a Gmail or Yahoo account (51%)
  • Corporate email (46%)
  • File sharing via FTP (40%)
  • Collaboration tools like Slack or Dropbox (38%)
  • SMS or instant messaging apps like Whatsapp (35%)

Recent Cases of Corporate Espionage

Just a few weeks ago, a striking case of corporate espionage hit the local news. On December 10th, a Chinese National medical student was caught at Logan Airport smuggling vials of research specimens in his luggage. Zaosong Zheng, 29, came here on a Harvard University sponsored visa and spent the past year doing cancer research at Beth Israel Hospital. Zheng was also caught with the laptop of a fellow Chinese researcher, who was in on his plan to steal the specimens, continue the research at home, and take credit for the work. This may sound rather brazen, but according to the Boston Globe it is not uncommon, as there have been about 18 similar cases at Logan Airport.

This case comes just a few months after several biotech leaders wrote an open letter to the NIH admonishing the dismissal of five Asian-American scientists from MD Anderson Cancer Center and Emory University on the basis they did not report their foreign ties. These dismissals were part of a larger NIH campaign to address concerns of IP theft among foreign nationals, especially those from China. The target is often oncology, and with China encroaching on the U.S.’s progress, NIH feels their concerns are valid. The biotech leaders worry the campaign is xenophobic and could hinder progress.

The NIH began their campaign in 2018 after several major cases of biopharma corporate espionage were made public, including one out of GSK’s Philadelphia R&D facility. A researcher pleaded guilty to stealing confidential research and sending it to China; she was working in conjunction with several other Chinese nationals. The other highly publicized case involved three scientists at Genetech transferring trade secrets to a Taiwannese competitor.

Protect Your Company against Corporate Espionage

If this is all sounding a little overwhelming, don’t panic–there are many precautions you can take to protect your company. Forbes outlines a list of ways companies typically shield themselves from corporate espionage. The best practices list takes into consideration both internal security issues, arising from current and past employees being able to access and leak data, as well as outsiders who are trying to get access to company information.

The most reasonable precaution is to conduct a security audit of both physical spaces and intellectual property (which can include anything from ideas being floated around the office to data located on your company’s servers). The audit should also work to secure sources of data, such as USB drives or laptops, that could be stolen by a corporate spy walking through your building.

The list also suggests organizations take into consideration the ability of outsiders to visit their company. For example, major tech companies such as Apple and Google are typically located on a private road that is away from main thoroughfares in order to reduce visitor traffic and reduce spying and data loss.

Other ways companies can protect themselves include:

  • Universally adopt a well-written Confidentiality or Non-Disclosure Agreement (NDA) requirement for all interviewers in order to discourage would-be spy agents.
  • Make IP security a part of your corporate culture. Remind personnel with access to sensitive information what is in need of protection and how they can protect it, how to protect it as well as the potential consequences of sensitive information loss.
  • Make sure visitors and interviewers are accompanied by an internal staff member and not be left alone places where sensitive information is stored such as offices and lab space.
  • Advise individuals without access to IP what they should do if they inadvertently come across IP or sensitive information.
  • Limit the number of copies of sensitive information as well as general access to printers, encrypt sensitive information whenever possible.
  • Consider implementing user and entity behavior analytics (UEBA). UEBA utilizes machine learning and artificial intelligence-powered analytics to monitor activity and detect unusual behavior; it can be very effective in thwarting cyber spying and sabotage attempts.Consider implementing user and entity behavior analytics (UEBA). UEBA utilizes machine learning and artificial intelligence-powered analytics to monitor activity and detect unusual behavior; it can be very effective in thwarting cyber spying and sabotage attempts.
  • Have role-based access privileges that are frequently reviewed and that are changed INSTANTLY with promotion, re-assignment, termination, re-organization, need to know, or other changes in employment status.

Roger Johnson, CEO of Right Brain Sekurity, in an interview with Digital Guardian recommended deploying effective insider threat countermeasures with a focus on disgruntlement detection and mitigation techniques. He indicates that there are many motivations for an inside attack, but disgruntlement is one of the easiest to address. He recommends fair, effective, and widely used grievance and employee assistance programs. Treat all employees and contractors well (not just “fairly”), especially those with sensitive IP access and those who have been terminated. As we suggest in a recent article, there are different ways managers can appreciate their employees that are not to be overlooked.

When it comes to the candidate process, it’s about knowing what to look for:

  • The questions asked by the candidate are not relevant to the job–instead, they are focused more on intellectual property.
  • There is an insistence on seeing the lab, manufacturing facility, or cleanroom.
  • The job candidate’s LinkedIn seems incomplete (e.g., no picture, or very little information is included) or their resume lacks specific details.
  • Your company’s computer network is accessed from an unfamiliar location (i.e., indicating that spies or other malicious entities may have infiltrated your organization’s servers).

Conclusions

Corporate espionage may seem like something out of a Hollywood movie, but it is very real and more common than you might think. Unfortunately, the candidate interviewing process can serve as a unique opportunity for spies to gain access to sensitive and confidential information including company IP. That doesn’t mean you need to stop interviewing highly qualified candidates on the concern they might be spies. With proper precautionary measures and ongoing vigilance, you can mitigate risk and still build a stellar (spy-free) team.

References:

https://www.forbes.com/sites/betsyatkins/2019/02/12/learning-from-apples-spying-incidents-how-to-protect-your-company-from-corporate-espionage/#63e5f5246fb4

https://www.forbes.com/sites/quora/2017/06/05/how-do-fortune-500-protect-themselves-from-corporate-espionage/#4e76717a5ced

https://www.giac.org/paper/gsec/1587/corporate-espionage-101/102941

https://www.thebalancesmb.com/how-corporate-spies-could-be-watching-your-business-4165210

https://usnwc.libguides.com/c.php?g=661096&p=5258510

https://www.ekransystem.com/en/blog/prevent-industrial-espionaged

https://www.cio.com/article/2879575/how-corporate-spies-access-your-companys-secrets.html

https://www.inc.com/magazine/201302/george-chidi/confessions-of-a-corporate-spy.html

https://blogs.findlaw.com/free_enterprise/2017/05/3-tips-to-protect-against-corporate-espionage.html

https://www.csoonline.com/article/3285726/what-is-corporate-espionage-inside-the-murky-world-of-private-spying.html

https://securityintelligence.com/articles/10-myths-and-misconceptions-about-industrial-espionage/

http://ipcommission.org/report/IP_Commission_Report_052213.pdf

https://www.cnbc.com/2019/02/28/1-in-5-companies-say-china-stole-their-ip-within-the-last-year-cnbc.html

https://www.csoonline.com/article/2138380/intellectual-property-protection-10-tips-to-keep-ip-safe.html

https://digitalguardian.com/blog/how-to-secure-intellectual-property#Johnston

The New Year: Thinking About Your Next Career Move

The New Year: Thinking About Your Next Career Move

The other day we got a call from a candidate who wanted to get on our radar for an impending career move. When we asked his time-frame, we were surprised to hear him say 2021. Often times we hear from candidates when they’re long past this pondering phase and more into the get-me-out-of-here phase. So kudos to that young man for having such foresight. 

While that extended time-line is extreme, our candidate does have the right idea to “always be looking.” While no job is ever 100% safe, that is the name of the game in the life sciences and I’m sure he knows that. In our industry, it’s important to be cognizant that things could change at the drop of a dime. That being said, you don’t need to be unnecessarily submitting job applications every day. So if everything is seemingly fine, when should you start the process of thinking about your next move? 

The new year is always a good time to take stock in your current situation. Typically this is the time of year that everyone is doing a little self-reflection and making goals, including the companies themselves. It’s also the time that hiring managers post the majority of their openings and get ready for performance reviews. 

To really make this analysis successful treat it like an exercise in data collection. Consider even assigning each piece of “data” a number value. For example, if you’re happy with your manager then maybe you assign it an 8 because that’s a crucial part of your happiness. But if the commute is horrible then maybe assign it a 2 because that’s unlikely to change. For the more data-driven, assigning numbers might offer a more objective view. 

Here are some suggestions to get you started:

  • Write down all of the things you like about the job. Some questions to consider:
    • Are you excited about going to work each day?
    • Do you like the research/product?
    • Do you feel challenged? Supported? Appreciated? 
    • Do you enjoy your colleagues? 
    • Do you believe in senior management?
  • Write down what you dislike about the jobs. When writing these down, also note if you see a course of action for these things to change, i.e. there may be no telling if a bad manager will leave, but lack of resources might change if the company just received funding.  
  • Write down your career goals, and frame them as SMART (Specific, Measurable, Achievable, Realistic, and Timely) goals. 
    • Given the climate of your company, how likely you are to attain these goals this year?
  • Think about your performance review. 
    • How do you think it will go? 
    • What would you say for self-evaluation and company evaluation? 
  • Review the past year of company business:
    • Most life sciences companies have a section on the website for investors and media that include financials, filings, stock information, SEC filings etc. 
    • Also, take a look at the jobs board–a robust jobs board is usually a good thing. 
    • Did senior management turnover or did they stay? 
    • Did people get promoted and did jobs get added?
  • Be sure to keep company business on your radar:
    • Know when research readouts and clinical trial results are set to be revealed.
    • Chat with employees from other departments–they might have more insight into how their team is doing.
    • If your company is a service provider, keep a close eye on your clients and how they’re doing. 
  • Take a peak at what else is out there. 
    • Review job boards.
    • Stay on top of industry news, especially in your location. Is a new company  moving in nearby and are they hiring?   
    • Keep your eyes on competitors.
    • Is there a technology making headlines that you’re interested in? 
    • Chat with colleagues at other companies.
    • Attend networking events to meet folks outside of your usual circle.
  • Talk with a trusted friend or family member. Sometimes they can give you a better read on the situation than you realize. 

As you’re collecting this data, you’ll likely start to get a sense of how you’re feeling about things.  However, it’s important to also take some time to review it altogether. This is where assigning number values can come in handy.  

If you see lots of low numbers or any of your findings gives you red flags, then it’s time to think about next steps. Begin by reaching out to a career coach or a recruiter. Sign up for job board notifications and go to networking events. 

If you complete your research feeling good about your role and the future of the company, then maybe a job change is put on the back burner. Only you can make that decision. But if any of the above topics raise small red flags, don’t ignore them. You may not want to go into a full out job search, but put the feelers out there. Maybe you don’t make the move until 2021 or maybe you end up finding the dream job you didn’t realize you wanted.

Practicing Gratitude: A Game-Changer For Your Career

Practicing Gratitude: A Game-Changer For Your Career

Gratitude is an incredibly powerful, positive emotion that is seldom experienced by so many of us who are caught up in the day to day demands of life. The rise of consumerism, never ending to-do lists and the ceaseless pursuit of enhanced social mobility often means that gratitude is displaced by incessant ambition and this isn’t healthy.

As Thanksgiving approaches, we hear the words thankful and grateful a little more. From #grateful social media posts to customer appreciation pies, expressing gratitude is in the air this time of year. That’s part of what makes it such a special time.  At the same rate, practicing everyday gratitude has become a more prominent cultural paradigm. Perhaps it’s because of the rise in studies on the science of gratitude, or maybe it’s just social media. Whatever the reason, with 7,000 listings on Amazon for “gratitude journal,” it’s safe to say our culture is adopting the practice of gratitude. 

Why is practicing gratitude helpful every day and not just the last 6 weeks of the year? According to The Greater Good Science Center at the University of California at Berkeley, “gratitude may be associated with many benefits for individuals, including better physical and psychological health, increased happiness and life satisfaction, decreased materialism, and more.” Gratitude helps people feel more optimistic, and it helps us slow down in this rapid-paced world of ours.

Taking time to acknowledge the things you’re grateful for can be a game-changer for your overall wellbeing and health, but it can also make a big difference in your career. Here’s how:

For the job-seeker: It’s easy to lose faith in a job search, but this is where a gratitude journal can come in helpful. Take time to write down the successes of your search. Try to view setbacks in a positive light. For example, if you went in for a second-round interview but didn’t make the next cut, remind yourself that you got farther than most candidates. Acknowledge that you are doing better than when you started the search. Here are a few more tips on staying grateful during a job search. 

For the manager: According to PayScale’s report on employee engagement and retention, feeling appreciated at work is the biggest influencer on employee satisfaction, and underappreciated employees are much more likely to leave the company. So taking a few minutes to show your staff gratitude year-round will improve company culture while also making you feel good. PayScale offers more insight into workplace gratitude here and here

For anyone at any point in their career: Regardless of your career status, take a few minutes to remind yourself of your accomplishments. Not only will it help you work harder, but it can also help you be better. This article from Peter Bregman at the Harvard Business Review says that “identifying the things we are grateful for mirrors the areas we are hoping to improve.” According to Bergman “your path to improvement is hidden in your pleasure, not your discontent.” The Muse provides a handy infographic of why gratitude is so important. 

Do you practice gratitude every day? If so, what do you do? Sound off below.

Lauren Perna Joins Sci.bio as Director of Marketing, Communications, & Business Development

Lauren Perna Joins Sci.bio as Director of Marketing, Communications, & Business Development

Rockland, Massachusetts, November 11, 2019: Sci.Bio is pleased to announce that Lauren Perna has joined the team in the new role of director of marketing, communications, and business development.  Perna will focus on raising Sci.Bio’s visibility by building strategic marketing, social media, and events campaigns. She also plans to expand philanthropic efforts and position Sci.Bio as a community partner.

Perna brings over a decade of diverse experience in marketing, communications, and relationship-building. She also brings an extensive life sciences network, having spent much of her career at the life sciences trade organization, MassBio. As senior director of membership, Perna promoted MassBio’s benefits and helped the 1,200 member companies grow their businesses in the life sciences industry. During her tenure, she helped launch a major member engagement initiative. Highlights include improving member communications, enhancing MassBio’s profile in the community, and spearheading a popular networking series. For the past year, Perna focused on her communications consulting practice, helping small businesses and nonprofits raise their digital and social profiles.

Sci.Bio Founder Eric Celidonio made the following statement about Perna’s joining: “I know Lauren will have a huge impact on Sci.Bio, given her unique background and her passion for the life sciences industry. Her enthusiasm and hands-on approach are a great match for the Sci.Bio team, and we’re all excited to see her take us to the next phase.”

On joining Sci.Bio, Perna says: “This opportunity is a great match. I thrive in an entrepreneurial environment, which is a big part of the Sci.Bio culture. And, I can continue serving an industry I am deeply rooted in while doing what I enjoy—bringing visibility to growing companies.”

In her highly visible position at MassBio, Perna built relationships across the industry and became a resource to life sciences professionals.  “I helped individuals progress in their careers, and I worked with companies scaling up. I am excited to continue being a part of that, just from a different perspective. The life sciences recruiting market is hot, but Sci.Bio has a unique recruiting model and I think there’s a great story to share,” Perna said.

Perna received her BA from Fordham University with a degree in Communications and American Studies. She also completed the Emerging Leaders Program at UMass Boston in 2014. Over the past year she earned numerous certifications in marketing and social media.


Sci.bio is a fully integrated biotechnology & pharmaceutical recruiting firm that offers its clients flexible, value-oriented recruiting options for filling their clinical, medical, and life sciences job openings. The company provides RPO contract recruitment, executive search, and contract staffing services.

For more information about Sci.Bio please contact Lauren Perna at [email protected]