The Company Man: Interview with Valspar Executive
Andy Ubel, chief intellectual property counsel for Valspar Corporation, discusses his company's experience with economic espionage and the value the FBI brings to such a case.
Andy Ubel, Chief Intellectual Property Counsel, Valspar Corporation:
Yeah my company had first-hand experience dealing with an economic espionage case.
One of our key employees, a lab director, quit one day, wouldn't tell us where he was going.
And we only discovered later that he had downloaded a whole bunch of our data onto his own personal hard drive.
At that time, we had a very loose procedure. People would be exit-interviewed, and in this case, the employee really wouldn't tell us what he was doing, he wouldn't give us any indication of his plans.
And people got a little bit suspicious, but they didn't have any evidence against the employee, so they really didn't know what to do.
And they called the law department. What we did is we asked the laboratory manager to conduct his own little informal investigation.
And we looked at the computer that this employee had been using, and what we found was that he deleted almost everything off of the computer. All traces of his Internet history was gone, he'd scrubbed the computer fairly thoroughly.
So that was suspicious, but it could also be innocent.
Well, at that time we did not have formal processes to forensically diagnose a computer.
But one of our technical people got lucky. He turned on something called the “show invisible files,” and when he did that, all kinds of other files showed up that this employee thought had been deleted, but they weren't.
And one of those files actually was a log file showing us what he had copied.
At that point, we knew exactly what had happened. This employee, over the course of a couple of months, had downloaded pretty much all of our confidential information from his business group.
It was technical trade secrets, it was business trade secrets—it added up to about 44 gigabytes of data.
And what’s scary is, that data can fit on a thumb drive today.
So what we did was we immediately called the FBI to report the theft.
This employee quit on a Monday; Tuesday, we did our analysis; called first thing Wednesday, and there were agents at our doorsteps right away—took it very seriously.
We had daily communication from the FBI from the moment we called.
Every day I would be getting calls from the FBI telling us what they were doing, asking questions, following up on leads.
The other thing that we learned from the FBI was that this employee had booked a one-way plane ticket to Shanghai the following Friday.
So everyone was on a little bit of a deadline because our data was in the possession of this employee who was going to be going to a competitor in an entirely different country.
So we had a deadline, and they were making decisions about whether to detain this employee at the border or seek a search warrant.
They decided to seek a search warrant, and he was arrested the Thursday night before his Friday flight to Shanghai.
Years ago, when an employee would leave, they'd go to another domestic company. And we knew who those companies were, and those companies were still within the jurisdiction of the United States court system.
Nowadays when people leave, they go halfway around the world and you lose control very quickly.
You want to control things, you know, you want to be the party that’s bringing the complaint and pursuing it at your own pace.
And when you're going to the law enforcement, you're the victim, and so you're no longer leading the prosecution, the government is.
But what we found was that the FBI took the matter incredibly seriously.
They jumped right into the case, and in the span of a few days had really wrapped up the case.
Well, there was concern at the beginning, everyone’s concerned, "Oh if we have to go to trial all of our trade secrets will be made public," but that’s not the case. There’s laws in place to protect the victim companies.
And the first thing that the U.S. Attorney’s Office did with the FBI was seek a protective order through the court to protect our trade secrets so they would not be disclosed in open court, and that made everyone feel very, very much better.
You know, prior to our incident we had what I would call very typical security. People had passwords to get into the computer system, but they had access on a kind of nice-to-know basis.
That’s wrong thinking. It should be on a need-to-know basis.
What we've done is put in place a tool that monitors our important information, and we're looking at what people are doing with our trade secret formulas or our trade secret business information.
If they're accessing that information or a file containing that information, then we're logging it and keeping track of it.
Our own incident was a trusted insider who betrayed us, and, initially, our focus was on stopping that problem. So we were focused on our data security and what we called data loss prevention.
I've since learned that there’s a lot of external hacking threats that you have to focus on.
What’s happening now is there’s organized groups that try to get into your system—not to just root around and have fun—they're there to steal your information. And they do it in a manner that you don't even know it’s happened.
Our own good employees could have their passwords stolen, and then the access that they would have would be vulnerable.
So this outside threat is real, it’s persistent, and we've learned an awful lot about how that threat is manifested.
So we've spent a lot of time hardening our computer systems against those problems.
I think the loss of trade secrets becomes a slow, inevitable decline of your company. It’s not all going to happen tomorrow, but you're going to lose that competitive edge that makes you special to your customer and to your investors. And over time, your company just won't be as valuable.
I would say if you have a budget for research and development, you should have a budget for information security. Otherwise, you're just doing the research and development for your competitor.
Our employees are given periodic education on how to handle trade secrets.
They're educated through a variety of mechanisms, one of which is the computer basically reminding them if they're using a secret document, that it’s a secret document and that they have to be careful with it.
Ultimately, your employees, wherever they are, need to realize that they're all in the same boat. And if they're helping someone steal information from the company, it’s only going to hurt the company and their job prospects.
If our company has a theft of IP, it’s going to mean lower profits, lower bonuses for people, fewer jobs in the future.
So it’s in everyone’s interest to watch out for the intellectual property. We drive that home, and it’s totally accepted by our employees that that’s the reality.
We got lucky, we caught someone by luck. We don't want to be in that position again, we want to know in advance.
- 10.12.2018 — Wanted by the FBI: Lamont Stephenson Added to Ten Most Wanted Fugitives List
- 10.11.2018 — New Sit-Up Protocol for FBI Mandatory Physical Fitness Test
- 10.03.2018 — FBI Phoenix: Mismatch Bandit, September 25, 2018 Walgreens Pharmacy Robbery
- 10.03.2018 — FBI Phoenix: Mismatch Bandit, September 15, 2018 Subway Shop Robbery
- 09.24.2018 — Daughter of Slain Virginia Trooper Seeks Clues in Unsolved Case
- 09.24.2018 — FBI Crime Data Explorer
- 09.04.2018 — Facebook Live Event: An Inside Look at Physical Fitness
- 09.03.2018 — Smithsonian Assists FBI in Minnesota Ruby Slippers Case
- 08.30.2018 — Protected Voices: Information Security (InfoSec)
- 08.30.2018 — Protected Voices: Wi-Fi
- 08.30.2018 — Protected Voices: Social Engineering
- 08.30.2018 — Protected Voices: Virtual Private Networks
- 08.30.2018 — Protected Voices: Safer Campaign Communications
- 08.30.2018 — Protected Voices: Router Hardening
- 08.30.2018 — Protected Voices: Patching, Firewalls, and Anti-Virus Software
- 08.30.2018 — Protected Voices: Passwords
- 08.30.2018 — Protected Voices: Incident Response
- 08.30.2018 — Protected Voices: Have You Been Hacked?
- 08.30.2018 — Protected Voices: Cloud-Based Services
- 08.30.2018 — Protected Voices: Browser and App Safety