Amid substantial workforce layoffs
Intellectual property (IP) can be defined as property, such as an idea, invention, or process that derives from the work of the mind or intellect1. IP can be patents, copyrights, trademarks, trade secrets, or specific work product. Each company has its own definition of IP. A company specializing in software development may consider source code to be IP, a company specializing in marketing may consider their contact lists to be IP, whereas a company specializing in consulting services may consider templates for various tasks to be IP.
Human factors (e.g., entitlement, disgruntlement, etc.) combined with environmental factors (e.g., layoffs, job opportunities) can trigger pillars of the key fraud theories, the Fraud Triangle and the Fraud Diamond. The Fraud Triangle 2 Theory is based on the idea that when pressure, rationalization, and opportunity are present, a person is more likely to commit fraud. The Fraud Diamond expanded that theory by incorporating human capability. Capability refers to someone having the necessary traits, skills and abilities to commit theft or fraud. It’s how the fraudster not only recognizes a particular fraud opportunity but turns it into reality3 . In recent news, companies in the tech space are laying off large numbers of employees which can trigger an environment where IP theft can occur.
IP theft may be intentional (e.g., malicious insider or threat actor) or accidental (e.g., human error). An example of intentional theft could be an employee copying source code or taking a company client list or pricing sheet to leverage at a competitor. An example of accidental theft could stem from an employee uploading a sensitive file to an unauthorized public cloud storage website.
Many companies have intellectual property policies that consider employee work product property of the company and not the creator(s). However, there are many examples where adherence to the policy does not happen, or the employee simply chose to ignore the policy. Below are five leading practices to minimize IP theft.
IP theft may be intentional (e.g., malicious insider or threat actor) or accidental (e.g., human error). An example of intentional theft could be an employee copying source code or taking a company client list or pricing sheet to leverage at a competitor. An example of accidental theft could stem from an employee uploading a sensitive file to an unauthorized public cloud storage website.
Many companies have intellectual property policies that consider employee work product property of the company and not the creator(s). However, there are many examples where adherence to the policy does not happen, or the employee simply chose to ignore the policy. Below are five leading practices to minimize IP theft.
KPMG has experience helping organizations proactively manage the risks associated with, as well as respond and recover to incidents of IP theft. From a preventative standpoint, KPMG has deep experience with assessing and maturing cyber programs from a Governance, Risk and Compliance (GRC), Identity and Access Management (IAM), Insider Threat and Data Loss prevention (DLP) standpoint; all of which contributes to the mitigation of IP theft risks.
KPMG has conducted digital forensic investigations related to IP theft cases to help companies and their outside counsel determine the scope of data removed from the company, how it was taken, and have helped prepare reporting and testimony to support civil litigation and criminal actions. In situations where IP theft is identified, KPMG can assist with defensible data deletion support to remove the sensitive information from systems.
Blog authored by: Tony DeSarro, Dennis Labossiere, and Joe Mazzella
