The Department of Defense (DoD) identified that the U.S. is losing on average $600 billion annually in defense intellectual property (IP) to non-friendly countries due to the hacking of DoD Industrial Base (DIB) suppliers. The answer to this problem is (cyber)security. There's no way currently to be 100% protected, but there are steps any company can take to enhance the security around their IP.
Here are 5 cybersecurity tips any company can take to help safeguard their intellectual property or any sensitive data within the company.
1. Know what intellectual property you have to protect
This means that everyone in the company should have an understanding of what to protect. If all employees understand what needs to be protected, they can better understand how to protect it and from whom. Keep the info high-level and without confidential details.
Make a list of your IP, how it's hacked, and what's required to protect.
Make it a living document as the IP list will grow.
Share it with your employee base.
2. Know the location of your intellectual property
If you focus your efforts on your core IT systems to protect IP, you will overlook other areas where it might be stored or processed. Manage your assets in a database or an Excel file. Be sure to include things such as:
Printers, copiers, scanners and fax machines. Your input/output devices all store the documents they process, and they are typically networked and connected to remote management systems. Proper policies and procedures need to be in place to purge these documents and protect against unauthorized access.
Cloud applications and file-sharing services. These might be company-managed or shadow IT. You need to know what your employees are using so you can restrict unauthorized cloud services and ensure that company-sanctioned services are properly configured and secured.
Employees’ personal devices. An employee might email a document home, typically for benign reasons. Educate your employees on the proper handling of IP and have monitoring systems in place to track where your IP is being sent.
3rd-party systems. IP is often shared with business partners, suppliers, or customers. Make sure your contracts with those parties define how those 3rd-parties must secure your IP and have controls in place to ensure those terms are followed.
3. Assess the Risk of losing your intellectual property
After you have identified your company's assets, then determine what information, if lost, would hurt your company the most. Then consider which of those assets are most at risk of being stolen. Putting those two factors together should help you figure out where to best spend your IP protection efforts.
4. Label valuable intellectual property
If information is confidential to your company, put a banner or label on it that says so. If your IP is proprietary, put a note to that effect on every log-in screen. This seems trivial, but if you wind up in court trying to prove someone took information they weren't authorized to take, your argument won't stand up if you can't demonstrate that you made it clear that the information was protected.
5. Secure your intellectual property both physically and digitally
Physical and digital protection of IP is a must. Lock the rooms where sensitive data is stored, whether it's the server farm or the musty paper archive room. Keep track of who has the keys. Use passwords and limit employee access to important databases.
These are just a few tactics any company can take to safeguard their intellectual property. Certain ISO standards were developed to protect against the theft of IP and sensitive data in the digital world, including ISO 27001 and 20000-1. Reach out to us if you'd like to learn more about these standards or how ISOP can be a better ISO partner for your business.