Apple has a reputation for being extremely secretive in its day-to-day operations. Sometimes, employees don’t know the specific product they’re working on.
In fact, a former employee said he unknowingly worked on the first iPad before it launched in 2010. His team was working on 9.7-inch displays for almost two years, but had no idea why.
But even Apple, one of the most secure and secretive tech companies in the world, couldn’t stop an employee from stealing trade secrets and data.
Former Apple employee Xiaolang Zhang was charged with stealing trade secrets prior to his resignation.
Zhang, who began working for Apple at the end of 2015, was a hardware engineer working on the autonomous vehicle development team.
Details of the company’s autonomous vehicle project have remained secret. But in his role, Zhang had access to Apple’s intellectual property and confidential databases.
Shortly after returning from paternity leave in April of 2018, Zhang submitted his resignation. He explained he was moving back to China to work for XMotors, an electric vehicle startup.
Apple asked Zhang to return all of his corporate devices and he was escorted off campus. Apple immediately disabled Zhang’s network access, badge privileges and other employee accesses.
According to the FBI, Apple reviewed Zhang’s network activity and building access activity. They found Zhang’s network activity had “increased exponentially” days before his return in 2018.
This and other evidence gave probable cause to believe Zhang had stolen trade secrets. He was arrested by the FBI and faces 10 years in prison.
But, this type of data theft can happen anywhere…
It’s unfortunately commonplace for employees to steal data before leaving a company.
In fact, more than 80% of employees planning to leave an organization bring private information or data with them.
Research indicates that employees show “flight-risk” behavior two weeks to two months before leaving.
So, here are some red flags to look for if you suspect someone of planning an exit and taking sensitive data with them whether you’re the boss or another employee.
Internet browsing. You’d be surprised how many employees don’t stop to think that their boss could be monitoring their internet activity.
Look for increased instances of an employee trying to access certain websites. For example, an employee browsing on job search websites or looking at homes in another state or being as obvious as posting their resume on job sites.
Administrator privileges. If an outgoing employee is an administrator it’s even more concerning. If the person has access to company administrative accounts, or SharePoint, pay extra attention.
With admin rights it is much easier to access and steal data.
Have at least two employees with access to certain admin information at all times. This can act like a check-and-balance, as it’s unlikely to have two rogue employees in league together.
Transferring data. Prior to leaving the company, an employee who is stealing will have to transfer the data in some form. Usually, this is done by e-mail, cloud storage or with a USB drive.
But most folks no longer use USB drives to store everyday information, as cloud storage is a better option. So, if you see an employee always using their own USB drive it could be a problem.
Monitoring e-mail is another good way to see if an employee is sending company information.
Emails to a single individual account are typically more suspicious than emails to several people. It’s unlikely a thief would involve a large group in a data stealing scheme.
So, if data is always going to a single outside e-mail this should cause concern.
No matter how big or small a company is they should install the right security measures and monitor employee data transferring at work.