Intellectual property (IP) covers a wide variety of corporate capital, including customer information, business plans, trade secrets, creative work products such as scripts, and proprietary software or hardware. Hackers, corporate competitors and nation states are all potential IP thieves. Scripts and video from the hugely popular Game of Thrones television show were recently leaked online. Earlier this year, Forrester Research admitted that it was the victim of a cyberattack. While no confidential client data was stolen, hackers gained access to “content intended for exclusive use by clients. “We recognize that hackers will attack attractive targets—in this case, our research IP,” said George F. Colony, CEO of Forrester.
Protecting IP Against Insider Attacks
When it comes to insiders and the corporate crown jewels, organizations can take several steps to help protect their IP:
- Identify your IP, confirm the right people have access to your IP, and take steps to compartmentalize your IP.
- Ensure that information security plans include procedures and policies on the proper protection of IP.
- Establish procedures to ensure cloud storage security, train anyone setting up storage in the cloud on these procedures, and monitor adherence.
- Extend security measures to plug any holes that could result if employees have remote access to your IP. The use of encryption and requiring additional authentication can help to ensure hackers don’t exploit employees working remotely.
- If partners or suppliers contribute to your IP – or have access to IP – vet the security practices of these organizations.
- Have employees acknowledge IP agreements by regularly re-signing, especially when leaving the organization. Periodic reminders and training can also help employees identify signs of IP theft risk in coworkers. Failure to show effective employee indoctrination and training on IP theft policies and practices can weaken any legal remedy to address violations.
- Use monitoring software to watch actions taken on IP data, including file transfer tracking and email transfers.
- Partner with HR to ensure proper offboarding of employees. As mentioned earlier, most insiders steal data within a month of departure. Chemours was able to determine theft of IP by an insider due to offboarding and forensic efforts put in place after giving the employee a termination notice. They monitored the insider’s activity on the network, and detected confidential documents sent to the individual’s personal email account.