How to avoid business IP leaks?

INTRODUCTION

Your company’s Intellectual Property is data in the form of customer records, business innovation tools and processes, patents, trade secrets or just employee know-how. In fact they are more valuable than your physical assets. Unless sufficiently protected, you’ll risk IP leakage that is dangerous and can open up your business to IP theft.

IP theft is a major ongoing concern worldwide as that can cause massive loses both in terms of property and reputation. IP leaks cost millions of dollars. There can be fines associated with releasing IP across borders without a proper export license in place or there are certainly cases where leaked IP has been used for nefarious reasons as well.

With every passing day, global trade and export rules are becoming more complex. Governments in various countries across the world are increasingly getting sensitive to the leakage of high-technology. IP that finds its way into the wrong hands can provide a boost to enemies or other hostile actors.

Why IP Leakages Happen?

As companies expand their workforce around the globe, acquire other companies, or get consolidated into larger enterprises, a vast network of teams located across many different countries often collaborate providing design assets and other collaterals to multiple projects. Plus, a complex and often overworked IT infrastructure of storage, data centers, and network connectivity underpins these teams. It is essential to track access and visibility of data by limiting access only to the data that is relevant to that particular person or team’s role in the whole process.

Malicious users are always a threat that needs to be taken seriously. But IP leaks can happen due to multiple reasons, often without any intention of wrongdoing.

Here’s how an IP can be leaked accidentally due to inadequate IP management:

1. Insufficient Access Controls

Users are free to view and download or use IPs without a proper system that prevents their access.

2. Avoid Use Model Problems

Avoid use models that encourage IP delivery outside of managed interfaces.

3. Embedded IPs

IP management platforms that lack traceability usually end up compacting IP hierarchies. This leads to situations where IPs that might have no restrictions themselves are embedded with restricted IPs — without the user’s knowledge.

4. Traveling Users

IPs can leak due to traveling users. If a user goes into a restricted geography and builds out project workspaces in that geography, it results in a leak. Even with adequate permissions, this might lead to the user exporting an IP without realizing it.

User Access Control & Audited Access:

Having important data in Excel Spreadsheets or a business system often means that almost anyone internally can access it with little to no security measures to prevent them. This makes it simple to copy, print and email important customer information to anyone, both internally and externally. Under new regulations, data breaches must be reported or there are major consequences.

Using simple features such as passwords on spreadsheets or implementing user access control to regulate who has access to sensitive data is a commonly used feature in modern systems today. With this type of role-based security you can also control what people can do with files or system data and limit the copying, sharing, editing or creation of customer data records. These features help limit the ability to share valuable IP but they are not completely secure. Extra measures should be taken including regularly auditing access and user actions, segmenting your data so only the relevant teams can work with it, or preventing bulk exports to safeguard your business sensitive data.  

Employee Training and Regular Refresher Courses:

Cyber security training, once in a while is no enough because a majority of cyber security breaches occur due to human error. The best way to prevent it is an ‘always on’ approach to employee training. Your employees are your first line of defence in protecting your IP, so you must ensure that your staff not only complete cyber security courses, but also continue to undertake refresher courses in cyber security to keep up to date with the latest threats, red flags to look for, defensive procedures and threat reaction plans. 

Security defence systems, IT protocols and firewalls will help prevent many dangers, but it’s the embedded culture of cyber security awareness amongst your staff as well as the systems and preventative measures you have put in place as an organisation that will forewarn and protect you against any attempted cyber threats.

System Security

The most common security threats include scammers impersonating a business you may be familiar with or have worked with in the past, fraudulent emails as well as viruses, malware and ransomware. Hackers and spammers have got more and more sophisticated, to the extent that sometimes it’s hard to tell a phishing email from the real thing.

Besides there is the threat of your data walking out of the building in the hands of an disgruntled or unhappy employee or when someone leaves the company? A recent survey by IT services company Accenture found that data theft by employees affects 69% of businesses.

That’s why internal use controls and employee awareness are only two parts of the security puzzle. Your technology team needs to be able to closely manage, monitor (and quarantine if necessary) every device with access to your networks and data. Cyber threat and data protection tools need to be built-in and the threat defenses constantly updated. Cloud back-ups are also essential today, to restore data and systems if the unthinkable occurs.

When it comes to data protection, your business should be proactive about its protection. Keep your security solutions up to date, and don’t be afraid to reach out to a consultant for advice.