In January the publishing industry was ablaze with gossip as a junior employee at a London publisher was arrested by the FBI. He was accused of stealing hundreds of unpublished book manuscripts by impersonating others in the publishing industry, with books by household names like Margaret Atwood and Sally Rooney reportedly involved. His employer suspended him until further notice. You can read more of the background here.
While this is a case with extreme facts — most employers will (thankfully) never have the FBI come calling for one of their employees — there are some useful reminders for employers about the importance of rigorous protection of confidential company information.
- Control access to the most sensitive confidential information: Giving access only to a select few or using encryption and similar controls can be effective both to protect confidential information and to assist internal investigations to identify the source of any breaches of information should the worst happen.
- Ensure employees know how to spot phishing: One of the tactics used here was impersonation of other industry figures, using domain names and email addresses resembling the genuine article. Employers should ensure employees are given information (e.g. with training, information in IT policies, and so on) to allow them to spot phishing so they aren’t caught out. The best technological protections in the world can’t save you if an employee is fooled and emails a key document to a scammer.
- Update contracts: Employers should be sure contractual protections are robust and targeted to specifically protect the confidential information in the business. For particularly sensitive information, employers may want to consider a separate confidentiality document in addition to employment contracts.
And the key point for the book lovers among us (myself included) is this: however much you want to read the latest Margaret Atwood, a stint in federal prison is (probably) not worth it...