Today's guest post is by Peppercommer Matt Purdue.
The Edward "Snowjob" Snowden affair is the most intriguing corporate espionage case since Alexander Graham Bell borrowed Antonio Meucci's plans for the telephone. As a review, Snowjob is the former government contractor who leaked details of the U.S. government's massive citizen surveillance program to the press. (For a chuckle, watch two cable news talking heads “debate” whether Snowden is a hero or villain.)
If you're thinking this is yet another blog about how the National Security Agency, Central Intelligence Agency, et. al., should have handled this crisis…think again. This blog implores you to ask yourself one simple question: Could we have an Edward Snowden working at our agency? Obviously, your staff has access to various and sundry proprietary data from clients of all types. Whether you admit it or not, one leak — even an inadvertent one — can sink your agency's reputation. Here are five tips for reducing your risk.
1. What happens at work…: Remind every employee, freelancer and business partner that they are under strict non-disclosure agreements, and remind them of the serious criminal and civil ramifications of breaching them. Tell them you don't suspect anyone, but you're also stepping up your internal monitoring procedures. Trust in God, but tie up your camel.
2. Who done it? Set up a confidential whistleblower program. Such a program should have two components: first, it should protect the identity of an employee who reports a colleague for leaking info; second, it should reward the whistleblower with a bonus if the leaker is successfully caught.
3. Monitor thyself: Continually scan the digital sphere and social media for both news about your agency and to discover what your employees are up to. Your summer intern just tweeted about a great meeting she had with your new client — your new defense contractor client. Shut her down.
4. Know your employees: The latest word on Edward Snowjob is that he took his position expressly to gain access to the sensitive info he leaked. How well do you really know your employees and new hires? Many companies conduct background checks. If yours doesn't, it's time to start. Same goes for your contractors and business partners.
5. Have a plan: While you've been busy creating crisis plans for clients, what about your own? What would you do if you discovered a leak on your own? Worse yet, what would you do if someone outside your agency found out first? Failing to prepare is preparing to fail.
Thanks for your comment, Julie. We love the camel, too. The idea of a whistleblower program is borrowed from financial services. The Securities and Exchange Commission and many financial firms have set up such schemes to encourage people to report malfeasance. The SEC whistleblower programs promises tens of thousands of dollars in rewards. So far, it seems to be working pretty well.
Excellent post; I agree on most of your points. I just wonder how well #2 would work in reality. It sounds good in theory, however, I would never want to be rewarded for snitching on a colleague. Unless he or she is doing something that will harm the firm, it’s none of my business.
Ok – so now I’ve opened up a can of worms… feel free to weigh in!
PS – Love the camel photo