Help wanted – willingness to share trade secrets a must

How much do you know about FOAMGLAS? Not much?

Thought so…

If you worked at Pittsburgh Corning’s facility in Sedalia, Missouri, you probably know a lot about FOAMGLAS. Up until recently, Ji Li Huang, and Xiao Guang Qi would have loved to chat with you. In fact, if during that “chat” you agreed to share what you knew about FOAMGLAS, in return you might have ended up $100,000 richer. That’s what the US government alleges at least.

Apparently, Pittsburgh Corning recently made major advances in the formulation and manufacturing process associated with FOAMGLAS. Just so you know, FOAMGLAS is used in liquid natural gas (LNG) tanks.

Which country has the greatest demand for FOAMGLAS? China – it has 10,000 LNG plants.

I’ve discussed the theft of trade secrets numerous times on this blog. What makes this case unique is the fact that Huang and Qi allegedly placed an advertisement in a local newspaper that solicited “technical talent” with experience at the Pittsburgh Corning plant. The advertisement indicated that there was a project lead vacancy associated with the building of a foam glass factory in the Asian market. What they really wanted was information, presumably to launch a competing product. That’s speculation on my part… Coincidentally, Pittsburgh Corning just announced plans to open a facility in China.

Thankfully, the FBI stepped in using an undercover employee from the company. The plan that the undercover employee shared with Huang and Qi involved the employee breaking into the engineering department and stealing equipment related drawings. The FBI helped coordinate the exchange of the documents and the corresponding payment. Huang and Qi are now in custody awaiting court hearings.

Should the allegations noted above result in convictions, it will represent another example of a U.S. based company creating intellectual property that attracts unwanted attention from foreign competitors. From what I can tell so far, Pittsburgh Corning did everything right. How many companies are not so well prepared?

Need a writer that understands fraud? When you hire me to write an article, blog post, newsletter or white paper you get an accomplished writer that is also an expert in fraud.

paul@mccormackwrites.com

Intel engineer helps himself to $400 million

Photographer: Stephen McCormack

Intel Corporation is a world-class organization that has dominated the market for computer chips for many years. In fact, there is a high probability that the device you are using to read this post has an Intel chip inside. However, based on a recent case involving Biswamohan Pani, an Intel Senior Staff Engineer, it may need a little help protecting its intellectual property.

According to the FBI, here are the facts of the case:

  • From February through April, 2008, Pani was looking for a job at other computer chip manufacturers and ultimately obtained a job at Advanced Micro Devices Inc.
  • Pani kept his job search secret from Intel. (Why wouldn’t he?)
  • When he announced his departure on May 29, 2008, he told the company that he might work for a hedge fund
  • Pani told Intel that he wanted to take the next one-and-a-half weeks as vacation until his last day at work on June 11, 2008
  • Unbeknownst to Intel, Pani had started downloading from Intel numerous secret documents about Intel’s manufacturing and design of computer chips. The intensive downloads began on May 28, just before he announced his departure, and continued on May 29
  • Pani started working at AMD on June 2, while he was still on Intel’s payroll and still had access to Intel’s computer systems
  • On June 8 and June 10, Pani remotely accessed Intel’s computer system numerous times and downloaded 13 of Intel’s most valuable documents
  • Along with other confidential and proprietary information, Pani downloaded a document explaining how encrypted documents could be reviewed when not connected to Intel’s computer system
  • Pani backed up the downloaded files to an external hard drive for access after he left Intel
  • On June 11, 2008, Pani reported to Intel for his exit interview and falsely stated that he had not retained any of Intel’s property, when, in fact, he had kept the electronic equivalent of boxes full of downloaded documents and some printed Intel documents at his apartment
  • Documents taken by Pani were found a month later when the FBI searched his home. Intel has valued those documents as worth $200-$400 million, at minimum
  • The FBI was able to recover these documents quickly, before Pani could use them to Intel’s disadvantage, largely because Intel reported the theft quickly and assisted the investigation. AMD also cooperated with the investigation, and there was no evidence that AMD or its employees had asked Pani to take these documents or even knew that he had them

Based on the fact pattern above, it appears Pani knew exactly what he was doing. He grabbed documents before, during and after Intel knew that he was leaving. He also bought time by convincing Intel that he was leaving the industry. I can’t imagine that lying about his ultimate destination stopped Intel from blocking his system access. They probably just forgot to do it. After all, Pani was still on the payroll and “burning” his vacation allotment. Why block an active employee?

Who knows what actually took place, the net result was that Pani had one-and-a-half weeks of access to Intel’s systems during which time he did the most damage. So how did Intel figure out Pani had stolen trade secrets? Clearly, after the fact, but not much else has been mentioned in the media.

This case is eerily similar to another case that the FBI investigated involving Sanofi-Aventis. Is it really that easy to steal trade secrets from Fortune 500 companies? Apparently so…

Need a writer that understands fraud? When you hire me to write an article, blog post, newsletter or white paper you get an accomplished writer that is also an expert in fraud.

paul@mccormackwrites.com

A billion dollar industry and it ain’t legal (Hint: it used to be a secret)

All is not right with economies in the Western world. The US remains in a malaise while several European economies teeter on the brink of the abyss. The UK just entered a “double dip” recession and as a major trading partner for the US, we’ll surely feel the impact here in the coming months. There are many reasons for the current economic crisis. Without doubt, risk taking on Wall Street and the reckless spending that it helped fuel and support is largely to blame for where we find ourselves today. That’s history. Done. We can’t change it, we can only learn from it.

I am far more concerned with how we move forward. How does the US economy dust itself off and lead the world to better times? If there was a “magic bullet” we would have used it by now. I guess time will tell whether the decisions being made today in both the public and private sector will hurt or help.

One thing I can tell you is that US businesses are making the recovery far more difficult than it needs to be. Don’t believe me? Would you believe Pamela Passman, the president and chief executive officer for The Center for Responsible Enterprise and Trade (CREATe.org)—a Washington-based non-profit industry group focused on responsible business practices?

“Failure to address the challenge of trade secret theft costs industry billions of dollars each year and can have devastating reputational, financial, and legal impacts for individual companies and the global economy as a whole.”

CREATe.org just released a report entitled Trade Secret Theft: Managing the Growing Threat in Supply Chains‘. The report claims that trade secret theft costs industry billions of dollars annually and serves as a critical impediment to innovation, job creation and sustainable economic growth.

What does the US economy need today? How about innovation, job creation, and sustainable economic growth! US companies are literally allowing one element of the solution to the country’s economic woes to slip through their fingers into the hands of foreign competitors – many of which reside in China. Chapter 3 of the CREATe.org report states that “The weak rule of law in many countries makes it all but impossible for multinational corporations to address trade secret theft after the fact”.

Once a trade secret is gone, it is gone for good. No second chances.

Many companies sound concerned, but what are the really doing to combat the threat? Passman states the following,

“Over the past several months, we have engaged with representatives from more than a hundred multinational corporations and have been struck by the deep and pervasive concern over trade secret theft. We heard universal agreement about the need for broader awareness of the challenge and better practices and systems to help address the issue internally and externally with suppliers and business partners,”

Sorry folks, talk is cheap in this situation. In many cases, the companies that “lose” trade secrets have only themselves to blame. This is not a new problem! There is plenty of evidence available from law enforcement and non-profit agencies such as CREATe to show that trade secret theft happens on a regular basis. Goodness knows how many instances are covered up and never hit the business press.

I sincerely hope that CREATe report triggers action. The US is an intellectual property powerhouse but we can’t keep giving the stuff away. In my next post, I’ll highlight some basic steps that companies can take to protect their trade secrets. No magic bullets, but certainly more than many companies have in place right now.

As it relates to intellectual property theft prevention, “the ball” is firmly in the court of US companies. Let’s hope no one steals it before they realize that they have it.

Need a writer that understands fraud? When you hire me to write an article, blog post, newsletter or white paper you get an accomplished writer that is also an expert in fraud.

paul@mccormackwrites.com

Have trade secrets, will travel…

We regularly hear from the U.S. government about the theft of intellectual property by Chinese companies and their government. This is just one of several examples that I have reviewed and analyzed in the past week. I am sure that there are many more attempts that go unreported.

In February 2012, Hanjuan Jin, a former software engineer for Motorola, Inc., was found guilty of stealing more than 1,000 electronic and paper documents from Motorola. Jin was caught by U.S. Customs while attempting to catch a one way flight to China. She had worked for Motorola since 1998. Why did she decide to steal Motorola’s trade secrets? Had she stolen intellectual property prior to 2007? We’ll probably never know…

The 2007 theft was not a “spur of the moment” decision. It had been in the planning phases for approximately a year.

In February 2006, Jin took a medical leave of absence. Between November 2006 and January 2007, Jin flew to China and worked for Sun Kaisens, a Chinese telecommunications company that developed products for the Chinese military. Jin had already spent June through November 2006, in China negotiating with Sun Kaisens. While working for Sun Kaisens, Jin was provided access to classified Chinese military documents.

In February 2007, the plan to steal trade secrets from Motorola kicked in to high gear:

  • February 15, Jin returned to the US from China.
  • February 22, she bought a one way ticket back to China.
  • February 23, she notified Motorola she wished to return to work.
  • She went back to work on February 26. Once back on the company’s premise, she accessed large volumes of proprietary documents during normal work hours as well as after hours. She was also observed leaving the building with various documents and possibly a laptop.
  • February 27, she volunteered for a layoff from Motorola.
  • February 28, Jin was caught trying to leave the country with over 1,000 electronic and paper documents belonging to Motorola. She also had a number of documents marked “secret” belonging to the Chinese military.

Interestingly, Jin was found her not guilty of three counts of economic espionage for the benefit of the People’s Republic of China and its military. She faces a maximum penalty of 10 years in prison on each count of stealing trade secrets.

Given Jin’s frequent trips to China, and the fact that the theft had been in the planning phases for 12 months, it is anyone’s guess regarding how much of Motorola’s intellectual property Sun Kaisens or the Chinese government were able to gain direct access to. Since Jin spent time in China prior to the theft attempting to convince Sun Kaisens to employ her, she likely shared information from memory. Also, since Jin had been employed with Motorola since 1998, it is possible that she had taken information over time in the event that a move to China was in her future.

This case underscores why it is important to protect your company’s trade secrets. Ask yourself the following questions:

  • Does your company have trade secrets? Can you list them?
  • How are they used within the business?
  • Where are they stored?
  • What has the company put in place to control and monitor access?
  • How would the company know that an employee is about to steal trade secrets?

There are a number of additional questions involving the alignment of people, processes and technology and the protection of trade secrets, but the questions above should generate sufficient food for thought.

Protecting trade secrets requires a multipronged approach. If there are any gaps in the approach, employees or third parties intent on stealing intellectual property will find them. Don’t believe me? Sanofi-Aventis also has experience dealing with Chinese foreign nationals and the theft of trade secrets. For more on that case, click here.

Arguably, the theft of intellectual property can do more damage to a company than the theft of cash. A company can earn more money to replace the money that was stolen, but once a trade secret is no longer “secret”, the damage is done. Many companies look to the legal system to punish the entity or individual that stole their trade secrets. Certainly, the courts can help. But if your organization cannot demonstrate that it took steps to appropriately protect its trade secrets, the courts may not look too kindly on your claim.

Be proactive! Invest the time and effort to protect your company’s intellectual property. Once your intellectual property is in stolen, you may be a company in name, but in reality, you are a shadow of your former self.

Need a writer that understands fraud? When you hire me to write an article, blog post, newsletter or white paper you get an accomplished writer that is also an expert in fraud.

paul@mccormackwrites.com

“There’s Gold in Them Thar Hills”

A Hooter

The lawsuit involving Hooters and Twin Peaks has already triggered a wave of clever, and not so clever, headlines, but it is really no laughing matter. (With this post, I suppose that I just added a headline to the list. You be the judge as to which category it falls into.)

The dispute involves Joe Hummel, the former  EVP of operations at Hooters. Hooters alleges that as he was leaving the company, Hummel stole over 500 pages of sensitive business information and trade secrets.

He is now employed with La Cima restaurants. Unfortunately for Hooters, La Cima is in the process of launching the Twin Peaks restaurant chain (any guesses what the new chain will “feature”?). Before joining La Cima, Hummel allegedly downloaded Hooter’s marketing plans, contract agreements, recruiting tools, and sales figures – some or all of which are likely trade secrets – and then emailed them to himself using his personal email account. If this is true, how could it have been prevented? I regularly help companies prevent IP theft, and I can tell you that there is no easy fix. Instead, it requires a multi-pronged approach using the right mix of people, processes, and technology.

What is a trade secret anyway? The short answer is whatever you say it is! The more detailed answer is that a trade secret must be secret (not widely known), be of value because it is not widely known, and treated as a secret at all times. In this case, it is not entirely clear if all of the information that Hummel allegedly took would meet the definition, but at face value, certain elements would appear to fit the bill. I would strongly suspect that Hooter’s marketing plans were not widely available within the company or the industry as a whole. Would the marketing plan be of value because it is not widely available? Ultimately, that is for the courts to decide.

Asking the courts to pursue employees that steal trade secrets is certainly within your company’s rights, but I would liken it to putting toothpaste back in the tube once squeezed. It is time consuming and potentially very messy, and the end result may not justify the effort.

Does your company have any trade secrets? (Hint: the vast majority do.) What have you done to protect them? Could an outgoing executive steal your company’s trade secrets? Would you even know?

If the answer to any of the questions above causes concern or leaves you wondering about how well protected your trade secrets may be, we can help. Just don’t wait until a theft occurs. By that time, the toothpaste is out of the tube…

Hooters is not alone in dealing with this type of situation. Given the glamorous nature of their business, they are unlucky enough to attract media attention when things go wrong. That said, could your company be next?

Need a writer that understands fraud? When you hire me to write an article, blog post, newsletter, or white paper, you get an accomplished writer that is also an expert in fraud.

paul@mccormackwrites.com

5 facts about fraud that most companies learn the hard way

Source: Soldiers Media Center

Fraud happens. Often. Here are just five facts that companies learn the hard way when fraud occurs:

Fact #1 – Fraud does not happen on the company’s timetable.

Revenues are up. Revenues are down. It doesn’t matter. The company could be experiencing the best of times or the worst of times. The fraudster doesn’t care. All he or she wants is money. Fraud will happen on the fraudster’s timetable. He or she decides if, when, how much, and how often. If the company has countermeasures in place, the fraud may be prevented or the losses kept to a minimum. With little or no countermeasures in place, however, watch out.

Fact #2 – Fraud scares people, especially senior executives.

When I meet with clients, I often tell them that fraud is a small word with big implications. In my experience, senior executives are most often apathetic when it comes to discussions regarding fraud. That is, until they are made aware of an actual fraud taking place on their watch. Then they become exceptionally nervous and spend a great deal of energy worrying about what will happen. They don’t know what they don’t know, and that makes them nervous, sometimes angry, and generally apprehensive about the future. Is this my fault? Will I be blamed? How much money will we lose? Will we get it back?

Fact #3 – Fraud prevention is an afterthought in most companies.

When meeting with a new client, we want to gain a sense of the overall maturity of their efforts to prevent, detect, and investigate fraud. Below is a small selection of the questions that we typically ask:

  • Do you have an employee hotline? How do you measure its effectiveness?
  • Do you have a fraud case management database? If so, when was the last time the information was used to develop proactive countermeasures?
  • What controls do you have in place to prevent and detect fraud? Who “owns” control development, deployment, and testing?
  • What policies and procedures do you have in place to ensure that employees are unable to steal your company’s intellectual property? When was the last time someone tested their effectiveness?
  • How often does fraud take place in your industry?
  • Have you incorporated “lessons learned” from fraud at other companies?
  • Who is responsible for fraud prevention, detection, and investigation within your organization? If separate departments, how often do they meet to share intelligence?

Very rarely will senior executives answer these questions without providing some potential areas for improvement. Most often, they struggle to answer at least one or two of the questions, which can lead to some uncomfortable silences and pained expressions. That’s OK. We know that fraud prevention is an afterthought. It shouldn’t be, but it is. Most companies don’t think about fraud until it happens or they narrowly avoid taking a loss. I personally want to change that. There is no reason that companies need to experience the vast majority of employee and third-party fraud. A company will never be fraud free, but it can certainly make it much more difficult for fraud to happen.

Fact #4 – Fraud investigations are easy to screw up.

Investigating fraud, particularly employee fraud, is much more complicated than it appears. Employees have rights, and lots of them (as they should). If in the course of an investigation a company violates those rights, the “hunter” can become the “hunted.”

Let’s consider a real-world example.

Local law enforcement thinks that one of your employees, Bob, is involved in drug trafficking. Your internal audit department is also investigating Bob. They plan to talk with him next week regarding some missing inventory. A detective from local law enforcement wants internal audit to ask a couple of questions that would help him with the drug investigation. In fact, the detective really wants to be in the room during the meeting. Helping law enforcement is a good idea, right? We might need them to help go after Bob for the inventory we think he has stolen. Would we screw up the investigation by helping law enforcement? How? We’ve already sent an email to the detective detailing the inventory theft. The detective agrees – this guy is a criminal!

(Hint: this investigation is destined for failure.)

Screw up an investigation, and you may be forced to rehire the employee that allegedly committed fraud as well as pay lost earnings and possibly even a fine. Trust me, it happens.

Fact #5 – Fraud losses are rarely recovered.

We’d like to think that law enforcement can reach out and claw back the proceeds from a fraud whenever needed. The truth is that most of the time, the proceeds are long gone. Fraud schemes typically last a median of 18 months. During that time, your company’s money is burning a hole in the pocket of the fraudster. They want to buy goods and services, pay down debt, stop foreclosure, share their good fortune with family and friends, etc. The last thing they want to do is deposit the money in their bank account and watch it gather interest (although in very rare circumstances, this does happen).

Notwithstanding the fact that fraudsters want to spend the proceeds, the truth is that law enforcement is often unable or unwilling to help companies recover fraud losses. Law enforcement is overstretched. At the local level, detectives in small cities are assigned all manner of cases, from petty theft to murder. In larger jurisdictions, detectives have an overwhelming case backlog that is closely tracked by their superiors. Financial crimes can be extremely complicated and time consuming to investigate, especially if the detective does not have a financial background. Detectives need to close cases – quickly. At the federal level, the bar is even higher. A six-figure loss may be devastating for your company, but it may barely raise the eyebrow of an FBI special agent in a large metropolitan area. With no connection to organized crime, drugs, or terrorism, the case file may be shelved and forgotten.

I strongly support law enforcement and have worked with some very talented local, state, and federal agents. However, we really can’t expect them to pursue every fraud that hits their desk. Let’s be honest; why should we expect law enforcement to help recover losses when so many of them could have been easily avoided?

If you have additional “facts” that you would like to share, please feel free to add a comment.

Need a writer that understands fraud? When you hire me to write an article, blog post, newsletter, or white paper, you get an accomplished writer that is also an expert in fraud.

paul@mccormackwrites.com

“We love our customers” – Then why don’t you protect their information?

Source: Surely

Sure you do. We all love our customers, right? They literally pay our bills. Then why is it that so few companies take steps to protect their customers’ information?

As I discussed previously, it is not unusual for employees to take the entire contents of a customer relationship management system on to their next employer.

Here are ten steps that can help protect your customers’ information:

  1. Select a CRM solution that has robust security features built in.
  2. Grant access only to employees that have a business need.
  3. Monitor employee access, usage, and manipulation of CRM data.
  4. Limit users’ ability to download the contents of the database.
  5. Don’t allow users to view accounts that belong to other salespeople.
  6. Ensure that all users have the most up-to-date virus scanners on their computers.
  7. Terminate access as soon as an employee leaves the company.
  8. Encrypt mobile phones and laptops used to access the CRM platform.
  9. Ensure that a log of records printed and emailed is available and frequently monitored.
  10. Subtly let employees know that your company monitors what they do with the data.
There are additional steps that I typically recommend, but that’s more than enough for now. Your customers thank you for reading this list.
Need a writer that understands fraud? When you hire me to write an article, blog post, newsletter, or white paper, you get an accomplished writer that is also an expert in fraud.

paul@mccormackwrites.com

Say goodbye to your customers

Source: d70focus

They’re all gone. Every single customer you had has just walked out the door. No one told you. They didn’t ask permission to leave (why would they?), but rest assured they are gone.

Your phone calls to customers are not returned. Emails are ignored. You’re still waiting patiently for that sales order that will make it all worth the effort. It’s not going to happen. Ever. Your business is toast.

Mike in sales left last week. “Not a big loss.” “Where is he going? Never mind…who cares?!?!”

Mike, the salesman no one was sad to see leave, left with the contents of your entire customer relationship management system (CRM). He also took all your company’s sales manuals as well as your company’s pricing process and cost structure. Mike and his new employer now have all they need to “win” business from your company’s customers. Their calls are being returned. In fact, they just won a huge order from your company’s biggest customer.

CRM is a blessing and a curse. Companies can benefit tremendously from having a complete record of their interactions with customers. However, giving your entire sales force access to your company’s CRM solution can result in exactly the scenario I detailed above (by the way, this is a real case that I investigated).

Think of it this way: you’re having a dinner party at your house for 20 of your company’s employees and significant others. When the guests arrive, you tell each of them to take an unaccompanied tour of the house. Make sure that you have all of your valuables on display, your wallet with cash clearly visible, your watch and jewelry sitting unattended for all to see. What are the chances that something will go missing? Do you really want to take the chance? In the event that something goes missing, how will you catch the thief?

Certainly this scenario is an extreme example to illustrate a point. But that’s the idea. It doesn’t make any sense to let 20 employees and their guests wander around your house when all of your valuables are left scattered around! Yet companies routinely grant employees unfettered access to their CRM database.

My next post will discuss best practices for preventing theft of CRM data. In the meantime, take the time to think about your company’s CRM solution. Would you know if “Mike” from sales had downloaded your entire customer database just before he left the company?

Need a writer that understands fraud? When you hire me to write an article, blog post, newsletter, or white paper you get an accomplished writer that is also an expert in fraud.

paul@mccormackwrites.com