Current events: Sony Ericsson a victim of its own employee

By sal at 10:54 pm on January 16, 2009

Theft of physical property and theft of intellectual property (whether carried out physically or electronically) by a malicious company insider are closely interrelated issues, as some common prevention mechanisms can be adopted for both.

According to a recent article by Mikael Ricknas, cell phone prototypes were stolen from the company by its own employee. As Mikael points out, despite the fact that the total cost did not exceed about $90000, there could have been bigger indirect losses if competing companies were made aware of these designs.

As one of my employers at one of the security companies I worked for mentioned, “opportunity” is the key word for why thefts occur. Company employees often have the most opportunity. Even employees with good intentions, as mentioned in an article by Alex Johnson, “Cybercrooks’ best friend? Experts say it’s you”, are among the biggest threats to company security.

Depriving employees of all such opportunities is an impossible task as long as a company has employees, but significantly reducing the chances of such breaches occurring is possible by at least two well-known means. The latter article mentions the commonly cited policy of “least privilege” as one way of prevention. Electronic monitoring and recording of activities, together with making employees aware of such monitoring (or at least creating the impression that it exists), could be another of the most effective methods for deterring or shifting away such crimes.

Some ethical issues, such as privacy protection and employer-employee trust, will apparently arise from overusing some of these methods, and companies will always have to find a good balance. Although Sony Ericsson did not appear to disclose many details about the event, it is undoubtedly beneficial for society in general that crimes of this type are made public, as it emphasizes the problem and (if an arrest followed) can serve as yet another deterrent.

Filed under: Current Events, Ethics, Physical Security, Privacy

7 Comments

  • 1

    Comment by victoria

    January 19, 2009 @ 3:19 am

    What?
    That is horrible, hope the thief is arrested immediately

  • 2

    Comment by eyezac

    January 19, 2009 @ 5:13 pm

    These techniques aim to make employee theft more difficult, but they don’t address the employees’ motivations. If employees felt they had a bigger stake in the success of the company, they would have less to gain by stealing from it (Palantir?). Even better, I would wager that if everyone could be sure of having enough food, shelter, and medical care to live healthy, comfortable lives, employee theft would decrease by at least an additional 1/4 (my calculations)! It might even be worth the cost.

  • 3

    Comment by seraphim

    January 22, 2009 @ 2:58 pm

    Certainly this is a security breach that needs to be addressed, but additional security measures can only go so far. As eyezac put it, security measures can deter theft, but employers need to be aware of the larger issues surrounding employees’ motivations for theft. If a worker is happy where they are working, they will have no reason to sabotage the company. The principle of least-privilege will help cut down on infractions by not giving employees power where they shouldn’t have it, but as we’ve seen many times before, it’s not only low-level employees that may be unhappy with their jobs. Managers with significant power and influence can easily become disgruntled as well. The flip side of that coin is that if you do restrict privilege too much, employees may not be able to work effectively, and the company will suffer regardless. All of this can serve to remind us that while security is incredibly important, it’s still just a means to an end, and if it impedes progress more than it allows, it’s become ineffective.

  • 4

    Comment by Sean Miller

    January 22, 2009 @ 3:10 pm

    The human factor in most security systems I’ve seen seems to be the weakest link. The solution of employee monitoring arises, but with it the conflict of privacy and the image of the heads of the company being some kind of “Big Brother”. It appears to me that the more security we have in place to protect sensitive data, the more obtrusive it becomes. Balancing security and this level of obtrusiveness that comes with it to make employees happy is difficult.

    Giving employees satisfaction in their pay/job rewards/etc. is likely the best way to boost morale, which would cut down on backlash like this towards the company.

  • 5

    Comment by vkirst

    January 23, 2009 @ 10:58 am

    It’s interesting to think about how a different spin on a situation can affect one’s judgment of the ethical/security issues involved. A lot of employees (especially young employees) at large companies such as Sony, Apple, or Microsoft are surrounded by state-of-the-art gadgets. Many times the physical security of prototypes is not very secure; prototypes are given away for testing purposes or as in-house gifts. Oftentimes some young engineer wants to hook up his buddies with free prototypes of the latest technology, so he picks up a couple of extra prototypes on the side to distribute freely or for some small cost to his friends – in fact, I overheard someone in the CSE basement talking about a recent CSE grad who does just this. From a student perspective, this is a neat, innocuous “connection” to get free or discount technology. Even satisfied employees will do this, not just ones who are maliciously trying to hurt the company. Security measures might stop theft on the large scale, but on the small scale it will be very difficult to stop – and small individual thefts certainly add up.

  • 6

    Comment by Lisa P

    January 23, 2009 @ 9:30 pm

    In security, the hardest thing to deal with is not viruses or any program that is used to attack, but humans; that’s what I think. If a company were attacked by a virus, they would try to make a program to keep it from spreading. However, if they got attacked by their own employee, it’s a different case.

    We can never read one’s bad intentions. Even good friends could betray one another. How about employees? That’s why a company has to place strict limitations on their employees to prevent them from stealing or giving important information to others. “Who to trust” is a difficult question to answer.

  • 7

    Comment by Downtown Toronto Houses

    January 24, 2009 @ 1:06 am

    Employees like that should be punished, because the company is doing its best but an intruder just silently steals. That’s really horrible.
