What would you do if an ex-employee took your customer list to a competitor? Or a dishonest employee ransacked personnel files for private information? Here’s advice on how to protect your company’s intellectual property and proprietary information.
Last month a Defense Department official, Gregg Bergersen, 51, pled guilty to espionage charges in connection to his leak of classified information that ended up in the hands of the People’s Republic of Chinese (PRC).
“Mr. Bergersen betrayed his oath to serve and protect our nation when he used his government position to access and pass national information to a person he knew was not entitled to receive it,” said Patrick Rowan, Acting Assistant Attorney General for National Security, when announcing the plea acceptance by U.S. District Judge Leonie M. Brinkema. “This case serves as a reminder that espionage networks are relentless in their efforts to steal our secrets and continue to pose a serious threat to our national security.”
According to a Statement of Facts filed in Court with Bergersen’s Plea Agreement, the criminal conduct spanned the time period of March 2007 to February 2008. Pergersen, a Weapons Systems Policy Analyst at the Defense Security Cooperation Agency, an agency within the Defense Department, provided national defense information on numerous occasions to Tai Shen Kuo, a New Orleans businessman.
According to the U.S. Justice Department, the classified information dealt with U.S. military sales to Taiwan. During the course of the conspiracy, Kuo gave Bergersen gifts, cash payments, dinners, and money for gambling during trips to Las Vegas.
This was a classic “False Flag” operation, in which Kuo, unbeknown to Bergersen, passed along to a PRC official the classified information he received from Bergersen. Bergersen now faces up to ten years in prison.
Espionage charges are still pending against Kuo and alleged conspirator, Yu Xin Kang, both of whom remain held without bond.
Unfortunately, this is but one of several espionage cases coming to light this year. Although the Cold War ended with the dissolution of the Soviet Union, Russia, China and a good number of other countries continue to commit espionage against the United States. These include some of our allies and of course, terrorist groups like al Qaeda.
In addition to seeking military secrets our adversaries are also looking for a better way to build the proverbial mousetrap. America is a leading industrial nation and our successful research and development in a number of fields has enticed spies to attempt to steal our information.
I’ve spent nearly all of my working life – man and boy, civilian and sailor – engaged in safeguarding U.S. Defense Department assets. These assets included people, property and equipment, as well as classified information.
From 1970, when I was a 17-year-old sailor aboard an aircraft carrier during the Vietnam War, to 37 years later when I retired from the Defense Department as an administrative officer for a Defense Department command in Philadelphia, I carefully observed information security (infosec) procedures in order to protect classified information. I also served as an investigating officer, appointed to determine if security breeches compromised national security.
But infosecurity is not just for the protection of national security information. Consider a recent case where a Coca-Cola employee stole the company’s crown jewels – the century-old Coke recipe.
Joya Williams, a former executive administrative assistant, was convicted and sent to prison for eight years for conspiracy to steal and sell the soda company’s recipe to a competitor, none other than PepsiCo, Inc. Fortunately, Pepsi told Coke about the illegal offer and an investigation was launched.
“As the market becomes more global, the need to protect intellectual property becomes even more vital to protecting American companies and our economic growth,” David Nahmias, a U.S. Assistant Attorney said after the case. “Unlawfully gaining a competitive advantage by stealing another’s trade secrets can lead straight to federal prison.”
Even small businesses that don’t possess national security information (or 100-year old soda recipes) ought to have infosecurity procedures and practices in place. Although you may not require the more elaborate Defense Department physical and electronic procedures, you should protect your information along the level you protect your property and equipment.
Small businesses generally have in their possession vital business information ranging from their employees’ personal information to customer lists. A businesses’ sensitive and proprietary information, as well as intellectual property, should be properly protected. The Federal Trade Commission (FTC) says that a leak of business information can lead to fraud, ID theft, and lawsuits.
The Federal Trade Commission offers a good guide to protecting information, based on five key principles.
Take Stock: Know what personal info you have in your files and on your computer.
Scale Down: Keep only what you need for your business.
Lock It: Protect the information in your care.
Pitch It: Properly dispose of what you no longer need.
Plan Ahead: Create a plan to respond to security incidents.
To learn more you can take the FTC tutorial at