When the interview process becomes an opportunity for intellectual property theft.
By: Natalie Zimmerman
We had found the perfect candidate for a principal scientist job that we had been having a difficult time filling—on paper, a well-qualified molecular biologist with degrees from top universities and impressive biochemistry skills.
When he came in for the interview, however, he seemed more interested in the facility than the actual job, and he asked a number of questions not related to the role. By the end of the interview, it was clear that he wasn’t a fit—despite his impressive credentials on paper, he didn’t seem to have any transferable skills or interest in the role. While most who had interacted with him chalked up his strange demeanor to simply being a poor candidate for the job, it turns out he had in fact been using the interview process to access intellectual property that pertained to specific formulation for an RNA therapeutic. We had been victims of attempted intellectual property (IP) theft via corporate espionage.
IP theft involves the stealing of data towards economic gain, and occurs between companies, corporations, and sometimes foreign governments. The candidate interview process creates a unique opportunity for these transgressions, as many interviewers might not even notice a candidate taking a picture of a confidential whiteboard, stealing a USB drive, or taking a sensitive document left on a common printer. As the life sciences industry has returned to the pre-pandemic norm of in-person interviews that involve multiple sessions over long days, there are now more opportunities for a candidate to be left unattended on-site between interviews and steal valuable IP. While it’s been outlawed by the Economic Espionage Act of 1996, it’s unfortunately still a relatively common practice.
According to the U.S. Commission on Theft of American Intellectual Property, the annual cost to the U.S. economy from this kind of IP theft is on the order of hundreds of billions of dollars. Life science and biotech companies are some of the hottest targets, uniquely susceptible due to the fast pace, frequent directional change, and often poorly governed processes. In a recent survey by cybersecurity company Code42, 70% of the life sciences industry saw a rise in data loss incidents in 2023.
While the interview process can indeed provide a perfect opportunity for IP theft, it can also take place under other circumstances. Previous employees of your organization may still be able to access sensitive data, current employees could be bribed to offer confidential details in interviews or social settings, or competition might pose as employees to gain on-sight or IT access. USBs are also a commonly used technology in corporate espionage, as they can contain malware allowing competing entities to steal data from corporate servers.
There are, however, myriad precautions you can take to protect your company from IP theft, both within and outside the candidate selection process.
- Conduct a security audit of both physical spaces and IP (from ideas being floated around the office to data located on your company’s servers). The audit should also work to secure sources of data, such as USB drives or laptops, that could be physically stolen.
- Ensure areas in which the candidate may be present, such as conference rooms, are cleaned prior to the interview process so no private information is left exposed.
- During the interview process, be aware of whether the questions asked by the candidate are relevant to the job, or the candidate’s LinkedIn seems incomplete, or their resume lacks specific details.
- Do not leave the candidate alone between multi-session interviews.
- Utilize a buddy system when the candidate is badged into private areas or labs.
Though corporate espionage may seem like something out of a movie, it’s more common than you might think. With proper precautionary measures and ongoing vigilance, you can mitigate risk and still build a stellar (and spy-free) team.
