Put A Lid On It If your employees work outside the office, beware: Your competitors <i>are </i>watching.
Opinions expressed by BIZ Experiences contributors are their own.
Wander into any public space, and you're sure to see peopletaking care of business. Whether it's waiting for a flight,eating lunch or standing in line for a latte, employees are workingon the run. It's a common sight in today's fast-pacedbusiness world, no matter where you are.
But are employees and CEOs alike aware of the dangers ofdivulging private company information in public spaces, especiallyin a burgeoning wireless culture that lets us work from anywherewith increasing ease? While technology makes employees moreefficient, it also creates new ways for them-whether it's via acell phone or over a laptop with print in screaming 20-pointtype-to unintentionally divulge sales figures, the details of adifficult client meeting or even product specs and tradesecrets.
If you think that not being a Fortune 500 or Nasdaq company letsyou off the hook, think again, says Naomi Fine, president of SanLeandro, California-based Pro-Tec Data, which helps companiesdevelop strategies for protecting their intellectual property.According to Fine, "The risk can be larger for small companiesbecause one loose lip can sink the whole company."
Nondisclosure Is Not Enough
Businesses of all sizes and in all industries should have reasonto worry because every company has information that differentiatesit in the marketplace, that provides not only a competitiveadvantage, but other benefits, too. A company's internalknowledge can mean the difference in whether its products sell,whether it gets a reputation for being innovative and whether itgains respect. It can also impact the bottom line: A 1998 AmericanSociety for Industrial Security and PricewaterhouseCoopers jointstudy estimates companies suffered $45 billion in losses over a17-month period as a result of privileged information leaving thecompany walls. The survey also concluded that companies seeemployees as the main threat to their proprietary information.
Privileged information is compromised every day while doingbusiness. It's virtually unavoidable. To combat the potentialdamage, many companies require employees to sign"nondisclosure" agreements, or NDAs, which limitemployees from disclosing to third parties information thatisn't already in the public domain. But that falls short,especially when you factor in human nature and modern technology,according to intellectual property law expert Michael Epstein, apartner with New York City-based law firm Weil, Gotshal &Manges LLP. "A nondisclosure agreement isn't enough. Youhave to sit down and say, 'Here's how I want you to usetechnology in public places,' " he says. Plus, Fine says,while NDAs require employees to keep quiet, they often don'ttell employees how to make it happen, such as explaining how theyshould conduct conversations or offering guidelines for the properuse of laptops and cell phones outside the office.
Legal Limits
There are legal reasons to encourage employees to temper whatthey say. The only way for companies to establish intellectualproperty rights, or legal ownership of their ideas, is to show thatpeople within take reasonable steps to protect their proprietaryknowledge. If a competitor overhears your employees talking openlyin detail about product specs and then uses your ideas in its ownproducts, you may not have a legal case. Your competitor can arguethat you weren't protecting your knowledge-it was freelyrevealed in the public domain.
Rashid Khan, CEO and president of Cary, North Carolina-basedInternet firm Ultimus Inc., remembers a time when he and twoco-workers had a meeting scheduled with a large client and wereeating breakfast in a hotel the day of the meeting. A group ofbusinesspeople came in and sat at a nearby table. Khan and hisco-workers suddenly grew quiet to listen as the nearby group'sconversation turned toward shop talk. "It was the salesmanager and team from our main competitor," says Khan, 47."They were in town to make a presentation to the same companythat day." Within a few minutes, Khan's group was privy tothe competitor's strategy.
Employees who fly the "nerd bird," any regular flightbetween San Jose and such high-tech hubs as Austin, are noticeablyquieter these days. "Companies are actively telling employeesnot to do any work while they're on an airplane. It's justtoo easy for people to overhear and see things," Epstein says."Companies have to be extraordinarily vigilant."
Rick Malone, CEO of Broomfield, Colorado-based Kiosk InformationSystems, is one entre-preneur with concerns about informationleaks. His 7-year-old company makes electronic public informationkiosks for such clients as IBM and Disney, and Malone wants toprotect his contracts as well as information about his clients'computer systems. The company did $7 million in sales in 1999 andprojects between $12 million and $15 million in 2000."Nondisclosure is critical in our business," says Malone,43, who has made it clear to his 55 employees that he expects themto stay tight-lipped in public places and be careful about how theyuse technology. He's taking a twofold approach, talking toevery employee about his expectations of proprietary privacy, thenhaving them each sign a nondisclosure agreement that explains theinformation not to be discussed or displayed in public.
The problem is, it doesn't take much for people to starttalking about what they do. For most of us, as soon as we relax,all bets are off. "A general conversation can quickly becomespecific to a company and its clients, especially if someone knowshow to steer a conversation," says Seena Sharp, a HermosaBeach, California, competitive intelligence expert and president ofSharp Market Intelligence, a market research company.
Malone recalls one incident where a client called him withconcerns that a Kiosk Information Systems salesperson might havebeen unintentionally leaking too much information in public. Maloneexplained the situation to the employee. "It was inadvertenton the employee's part. It's really easy for salespeople tolose awareness of confidential information when they deal with itevery day," he says, adding that his sales employees took noteof it and adjusted their habits.
Button It
Telling employees to be cautious outside the office isn'tenough, however. They also need to know how to handle peoplecalling the company to request information, because a little bit ofdata can easily be leveraged. In fact, well-known hacker KevinMitnick gained the majority of his information not by hacking intocorporate computer systems online but by using something called"social engineering"-getting a receptionist to give himthe name of an employee in a key department who was out of theoffice, for example, then dropping that name to others in thedepartment to manipulate source codes and other trade secrets overthe phone. Mitnick's exploits are estimated to have costmillions of dollars. At Motorola, for instance, he gainedprivileged information about the company's StarTac cell phonefrom an employee. In the end, no firewall is strong enough to stopsomeone who knows how to use your employees to gain access toinformation he or she wants.
Khan sees hiring competent people as the key to protectingprivileged information at Ultimus and staying ahead of thecompetition. The 6-year-old company has 50 employees, six of themon-the-go salespeople. Khan relies on the trust factor, believinghis employees understand the limits on free speech outside thecompany walls. "We depend on our employees to use commonsense. We want professional people who know what should not beaddressed in public," he says. The company doesn'trestrict employees' use of technology outside the office."We don't have a formal training program to say, 'Youshould not do this,' " Khan says. "I trust the salesguys to do the right thing. Otherwise, why would I have them here?I actually think they worry more about [leaks] than I do."
Protect It
But relying on your employees' common sense is riskybusiness. According to experts, to protect your company'sprivate information, you should create a written policy thatoutlines what you're protecting and describes what you expectfrom employees when it comes to communication. Here are some othertips:
Educate and communicate. It all comesdown to employee training. Explain to employees the boundaries onconversations in public spaces. If they use laptops, let them knowwhat types of documents shouldn't be accessed outside theoffice. Communicate regularly with employees about the importanceof protecting company information, and, more important, let themknow what exactly needs to be kept confidential. Make it a part ofday-to-day business. If you're in a sensitive meeting, let thepeople in the room know that the information shouldn't leavethe room.
Do some role-playing. Pair employees upand present them with various situations, such as sitting in anairplane or a restaurant, and ask them to have a work-relatedconversation about a project, meeting or client while you listenin. This will give you an idea of what they're saying out inthe field and will help clue them in to how easy it is to leakinformation.
Know how to direct callers. Employeesshould know how to handle callers requesting any type ofproprietary information. Develop a strategy. Teaching an employeeto say something as simple as "I'll have to have him getback to you about that" might just save your company from adevastating loss.
 | |||||
  www.fuld.com: FromCambridge, Massachusetts-based competitive intelligence firm Fuld& Co. Inc., this site offers strategies and tools forprotecting data, links to other competitive intelligence Web sites,a "Rate Your Own Security" test and more.
| |||||
 | |||||
Contact Sources
- Kiosk Information Systems, (303) 466-5471, www.kis-kiosk.com
- Pro-Tec Data, info@pro-tecdata.com, www.pro-tecdata.com
- Sharp Market Intelligence, (310) 379-5179, www.sharpmarketintel.com
- Ultimus Inc., rashid@workflowzone.com,www.workflowzone.com
- Weil, Gotshal & Manges LLP, (212) 310-8432, michael.epstein@weil.com
