With 70 percent of the world’s intellectual property within the United States, U.S.-based companies continue to dedicate extensive resources to research and development, achieving substantial value and benefit from their IP.
Given the high degree of emphasis companies place on their intellectual property, a dangerous trend has emerged. Recent studies conducted by the American Society of Industrial Security (ASIS) and the FBI that demonstrate that more than one-third of surveyed Fortune 2000 and middle-market companies have no formal program for safeguarding intellectual property and spend less than 5 percent of their budgets on security.
As the regularity and intensity of IP theft continues to escalate, with losses calculated by ASIS at more than $150 billion per year, the protection of a company’s intellectual property and information assets has become a critical business issue. Although managerial and legal steps can and should be taken to safeguard such sensitive information, today’s technologically advanced world where information can be shared globally in a matter of seconds has changed the nature of how companies create, identify, maintain — and, thus, safeguard and protect — intellectual property.
Smart Business spoke to Ron Williams at Talon Companies about how businesses should approach the all-important process of protecting their valuable intellectual property.
What threats do companies face when it comes to their intellectual property?
Although companies struggle to prevent hackers from stealing intellectual property by fortifying their enterprise networks from external entities, the real threat continues to arise from employees, former employees and other direct members of a company’s work force. With more than three out of four instances of intellectual property theft perpetrated by inside employees or contractors, as continuously modeled by ASIS and FBI studies, the most devastating thefts of intellectual property have come from individuals who were deemed trusted insiders.
In light of this reality, the weakest link of a company’s security program is the human element. Anyone who has physical or electronic access to information assets, including contract workers, temporary workers, visitors, interns, and support and maintenance workers, has the opportunity to access unlocked computer workstations, computer servers, paper files and any passwords or other sensitive data left unprotected. Evenif a company has extremely robust IT security controls in place, all it takes is one careless, uninformed, or disgruntled person with access to the physical office space or enterprise network to engage in the theft of intellectual property.
How can businesses mitigate this risk?
The following high-level and summary guidelines can be employed to directly minimize this risk and further facilitate the protection of a company’s intellectual property:
- Ensure that access privileges, such as passwords, are disabled immediately following the resignation or termination of an employee.
- Restrict employees from sharing a single authorized account used to gain access to network resources or physical assets.
- Inform all employees that their usage of network resources and interaction with information assets will be monitored and audited.
- Track the inventory of portable computing devices, such as laptops and PDAs, to ensure no systems that may contain intellectual property go missing or remain in the possession of ex-employees.
- Implement console locking mechanisms on computer workstations so that systems left unattended will automatically log off and become password protected.
- Assign access privileges to employees based on their specific function and need to access intellectual property so that employees who do not require access to sensitive information assets do not have it.
- Instill a corporate culture in which safeguarding intellectual property is a high priority and each employee understands his/her responsibility to adhere to security practices, policies and controls.
What if, despite a business’s best efforts, IP theft occurs?
Although proactive security is the most mature and effective manner to safeguard a company’s intellectual property, the reality of risk management dictates that it is impossible to achieve a level of security that can, with 100 percent certainty, neutralize all forces seeking to successfully engage in the theft of intellectual property. As such, and in response to the theft of intellectual property through computer-based means, companies have the obligation to undertake well-orchestrated and thoughtful reactive measures to respond to the theft of intellectual property in a manner that will ensure electronic evidence is preserved and to establish a sustainable posture for internal or legal action.
At the core of a company’s response to the theft is the initiation of computer forensics and an enterprise investigation to identify, gather, analyze and preserve electronic evidence by experienced and certified professionals using dedicated forensic investigative tools. The discovery, collection, investigation, and production of electronic information for investigating and handling computer-related crimes or misuse surrounding the theft of intellectual property is a well-defined process grounded in government and law enforcement guidelines.
The following high-level steps are meant to provide clarity with respect to the collection of electronic evidence:
- Send a letter of notification to all involved parties.
- Include specifications regarding electronic evidence in the written discovery request.
- IT staff should be deposed via Rule 30(b)(6).
- Gather backup tapes.
- Gather removable media, such as CD-ROMs and zip drives.
- Question all available employees about their specific computer usage.
- Create a forensic duplication of the computer hard drive(s) in question.
- Mathematically authenticate forensically duplicated data.
- Ensure the proper chain of custody is followed.
- Initiate the computer forensics efforts and enterprise investigation.
What should businesses remember about protecting their valuable IP?
Too many companies are operating with a false sense of security surrounding their ability to prevent against the theft of intellectual property, contributing to the dramatic rise in occurrence and escalation in intensity of intellectual property theft. Proactively working to prevent IP theft is a manageable undertaking and is the only way to attain a true level of trustworthiness within a corporate environment.
As no company can possibly be totally proactive by predicting and neutralizing every possible risk and threat to intellectual property, defensive tactics and reactive techniques are vital to efficiently respond to theft of IP. All predictions demonstrate that intellectual property will continue to increase in value over the next decade and, as such, intellectual property theft will remain a growing problem that companies must consider, address and react to.
Ron Williams is the CEO at Talon Companies. Reach him at (800) 808-2566 or [email protected]. Reach Talon Companies Headquarters at [email protected], (800) 808-2566, or www.TalonCompanies.com.
Talon Cyber Tec is dedicated exclusively to providing proactive and reactive security solutions to combat the escalating threat and reality of cyber crime, helping organizations address the critical business issues of security, privacy and compliance. Talon Cyber Tec integrates the proven and well-established principles of physical security into the realm of information security by bringing together leading human capital, information security expertise, in-depth research, and extensive real-world experience to help organizations strike a balance between business and security goals.
Talon Cyber Tec is a subsidiary of Talon Executive Services, an independent risk management firm providing full spectrum services to secure corporate assets and prevent loss due to malevolent acts.