In our last post about five cybersecurity tips to safeguard your intellectual property, we discussed:
Understanding the IP you have to protect
Where it’s located
Assessing the risk if that IP is compromised
Labeling it accordingly
Securing IP both physically and digitally
Companies continue to be hacked and even giants like Google are not safe from cybercrime. With cybersecurity continuing to be a big discussion at large and small businesses, here are 5 more security tips that will help protect your intellectual property. 1. Educate employees about intellectual property Awareness training can be effective for plugging and preventing IP leaks, but only if it's targeted to the information that a specific group of employees needs to guard. As is often the case, humans are often the weakest link in the defensive chain. That's why an IP protection effort that only counts on firewalls and copyrights, but doesn't focus on employee awareness and training, is doomed to fail.
In most cases, IP leaves an organization by accident or through negligence. Make sure your employees are aware of how they might unintentionally expose IP. The most common technologies through which sensitive data like IP is accidentally breached includes:
External email like a Gmail or Yahoo account (51%)
Corporate email (46%)
Collaboration tools like Slack or Dropbox (38%)
SMS or instant messaging apps like Whatsapp (35%)
With email, IP might be sent to the wrong person because:
The sender used a wrong address, such as Outlook auto-inserting an email address for someone other than the intended recipient
The recipient forwarded the email
An attachment contained hidden content, such as in an Excel tab
Data was forwarded to a personal email account
2. Know your tools to protect intellectual property
A growing variety of software tools are available for tracking documents and other IP stores. Data loss prevention (DLP) tools are now a core component of many security suites. They not only locate sensitive documents, but also keep track of how they are being used and by whom.
Encrypting IP in some cases will also reduce risk of loss. The Egress survey data shows that only 21% of companies require encryption when sharing sensitive data externally, and only 36% require it internally.
3. Take a big picture view
If someone is scanning the internal network and your intrusion detection system goes off, somebody from IT typically calls the employee who's doing the scanning and tells them to stop. The employee offers a plausible explanation, and that's the end of it.
Over time, the human resources group, the audit group, the individual's colleagues, and others all notice isolated incidents, but nobody puts them together and realizes that all these breaches were perpetrated by the same person. This is why communication gaps among information security and corporate security groups can be so harmful.
IP protection requires connections and communication between all the corporate functions.
4. Apply a counter-intelligence mindset
If you were spying on your own company, how would you do it? Thinking through such tactics will lead you to consider protecting phone lists, shredding papers in recycling bins, convening an internal council to approve your R&D scientists' publications, or other ideas that may prove worthwhile for your particular business.
5. Think globally For years, France, China, Latin America and the former Soviet Union states have developed reputations as places where industrial espionage is encouraged as a way of promoting the country's economy.
Many other countries are worse. A good resource for evaluating the threat of doing business worldwide is the Corruption Perceptions Index published each year by Transparency International.
ISO Standards Protect IP
Proper application of several ISO Standards will assist a company in actively managing these 5 steps to protecting your intellectual property.
ISO 9001 (Quality Management System) instills document and data controls, risk management, communications, and training.
ISO/IEC 20000-1 (IT Service Management) provides for asset management for your IP.
ISO/IEC 27001 (Information Security Management) provides controls to “lock down” your IP.
The new Cybersecurity Maturity Model Certification (CMMC) will provide one additional layer for safeguarding your IP.