This case holds two important lessons for your organization, regardless of your field of competition.
Lesson One: It Can Happen To You.
True, baseball stats are not nuclear codes. However, Ground Control held what was called the Astros’ “collective baseball knowledge”. It contained informed judgement by the teams’ professional staff and certainly involved many hours to compile. It was designed to give the team an information edge.
If a professional sports team can be a target, then so can your organization. Take stock now of the proprietary information in your organization’s possession. What are the most important “crown jewels” your organization needs to protect? Whether these are defense secrets or customer lists, they are nevertheless important for your organization’s successful mission.
Lesson Two: The Insider Threat Does Not End When Employees Leave.
In preventing insider threats and corporate espionage, you need to consider departing employees. Have you verified that restrictive covenants like non-disclosure agreements are in place? Have you completely shut off access to your proprietary networks by closing old accounts and changing passwords? Do you monitor remote access for suspicious activity?
Information fraud, theft, corporate espionage, and sabotage can all occur if ex-employees still have access to the system. This is not a minor problem. Research by Carnegie Mellon University shows that 70 percent of insiders who conducted information theft acted within 60 days of their end of employment.
Somewhat fortunately in this case, the Cardinals’ appeared to use stolen passwords to spy on their rivals, not delete their data. But, like with other stolen intellectual property, only time will tell whether it creates a measurable competitive advantage to the detriment of the Astros.
Like the umpire’s brush at homeplate, it’s time to dust off your insider threat program by taking stock of your proprietary information and controlling access to it.