In the seventh installment of our series on actions that employers can take to prevent employee theft or improper disclosure of company data we’ll be discussing red flag behaviors and how to identify them. Employees may take information in a variety of ways, from simply printing the information and taking it home to maliciously deleting or altering information. While not all instances of employee sabotage can be identified before or soon after it happens, watching for certain “red flag” behaviors can help identify problems before they result in major breaches of confidential information.
The FBI’s publication on the Insider Threat: An introduction to detecting and deterring an insider spyprovides a list of characteristics to look for, including the following:
- Greed, financial need (excessive debt or overwhelming expenses), or vulnerability to blackmail (extra-marital affairs, gambling, fraud.)
- Feelings of anger/revenge against the organization. This can stem from problems at work, a lack of recognition, disagreements with co-workers or managers, dissatisfaction with the job, a pending layoff, etc.
- Divided loyalty – allegiance to another person, company, or country.
- Compulsive or destructive behavior, or family problems: drug or alcohol abuse, other addictive behaviors, marital conflicts, or separation from loved ones.
- Employees who are laid off, subject to a reduction in force, passed over for a promotion, terminated, demoted, or required to follow a performance improvement plan.
Similarly, organizational factors may play a role, including how information is handled, the ease of access to sensitive information, and training.
To highlight why identification of potential risks is important, review the White House report on the mitigation of trade secret theft from U.S. companies. The examples of trade secret theft noted in the report include the following:
- A former Ford Motor Company employee copied 4,000 Ford documents onto an external hard drive that he took to China. Ford valued the loss at $50 million.
- A DuPont research chemist whose work resulted in a proprietary chemical process sold the trade secrets to a Chinese university. DuPont valued the loss at $400 million and the chemist was sentenced to 14 months in federal prison.
- A Valspar employee stole trade secrets and attempted to pass them to a paint company in China. The employee bought a plane ticket to China but was apprehended by the FBI and sentenced to 18 months in prison. Valspar estimated the value of the trade secrets at between $7 and $20 million.
Do you agree with the FBI’s assessment of red-flag behaviors? Are there others that should be considered? How does your company monitor and evaluate these types of behaviors?