BreachExchange mailing list archives
Cybersecurity and intellectual property: How protected are you?
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Tue, 1 Sep 2015 19:38:56 -0600
http://www.insidecounsel.com/2015/09/01/cybersecurity-and-intellectual-property-how-protec

The biggest threats to your company's intellectual property may reside inside your own organization. Employees are frequently the primary threat to data security, whether it's a departing employee stealing trade secrets, a well-intentioned employee placing valuable intellectual property on an unsecured computer or device, or a hapless employee accidentally installing dangerous malware.

Employees need access to sensitive internal data and trade secrets, but this access creates security risks. Some companies deal with this issue by relying on employee non-disclosure or confidentiality agreements. But sophisticated companies use information-security standards from the healthcare and financial services industries to safeguard their IP. These standards help companies protect their IP from negligent or malicious employee conduct.

So how can you protect your intellectual property from employee piracy or negligence?

Restrict Access to Confidential Information. Employees should only have access to confidential information when there is a business reason for it. Only the highest-level executives or those with an absolute need should have unfettered access to the company's IP. Restricting access helps monitor the flow of data, limit opportunities for piracy and demonstrates that efforts have been undertaken to maintain the secrecy of trade secrets.

Monitor Access to Confidential Information. Companies should monitor and track network activity with respect to IP. Activity logs help determine how and when information was leaked. Companies should utilize tools that generate alerts when larger files are exported or emailed outside the organization. These tools allow companies to detect suspicious activity and take action. Likewise, HR should notify IT when an employee tenders his or her notice of resignation to ensure that the employee's network activity is closely monitored.

Encrypt Your IP. Confidential information should be encrypted when stored or transmitted. Employees who use confidential information to perform their jobs or who may store documents locally should receive encrypted computers.

Develop Clear Policies and Procedures Regarding the Handling, Storage and Disposal of Confidential Data. The company should clearly communicate: what constitutes confidential information or a trade secret; how that information should be handled, safeguarded and stored; how confidential information should be securely transmitted and under what circumstances; whether confidential information may be accessed via personal or mobile devices; and the methods and circumstances under which an employee should dispose of confidential information.

Train Your Employees. If employees are not motivated to care, or simply do not understand the consequences of violating policies, their lax attitude increases the risk of a security breach. Effective employee training programs utilize realistic examples and common situations to demonstrate best practices.

Enforce Company Policies and Procedures. If the company has a policy that prohibits employees from emailing confidential information to a personal device or email account but supervisors routinely allow or ignore the practice, the company has very little hope of safeguarding its confidential information.

Develop an Incident Response Plan. Every company should have an incident response plan that, in the event valuable intellectual property is lost or stolen, clearly defines the relevant stakeholders (including the immediate involvement of the appropriate business executives, legal counsel, and relevant IT or forensics support) and who leads the response team.

Perform Security Audits. To assess and address security vulnerabilities, the company should audit and test its security program. Upon identifying vulnerabilities, the company must strengthen and reinforce its security controls to ensure compliance.

These steps will help companies protect their IP from negligent or malicious employee conduct. If you’re ever in a legal proceeding relating to the theft or misappropriation of your company's confidential information, you’ll need to demonstrate the steps taken to protect that information. Developing and enforcing a strong information-security regime helps protect the company on the front end and the back end.