Where should businesses begin to protect their data?
To prevent theft of proprietary data a company must first identify what their ‘crown jewels’ are. These trade secrets must be identified and treated as secrets in order to have standing to seek criminal or civil charges against those who steal the information.
The second step is to conduct a physical and IT Security Risk & Vulnerability Assessment to identify how the trade secrets are protected and how a culprit can steal the information.
What are some ways data can be stolen?
Culprits, who are frequently inside employees, are stealing trade secrets and sensitive intellectual property through a variety of straightforward and not highly technical means. For example, culprits are sending e-mails to themselves, including through their personal Web-based e-mail accounts, that contain information in attachments. In addition, portable hard drives can be easily attached to a computer and its contents downloaded in a matter of minutes. In addition to both of these techniques, culprits continue to print hard copy documents and walk out the front door with them.
What preventive measures should companies put in place?
Once the vulnerabilities have been identified, the company must establish an “Information Security” program to compartmentalize the information and protect the data with firewalls and encryption. An audit system that tracks retrieval of the data should be implemented to determine who accessed the data with time and date.
Employee electronic transmissions should be monitored as well as printers that store valuable data. The IT system should be monitored on a 24/7 basis so that an intrusion or breach can be identified immediately and steps should be taken to thwart the attack.
How can businesses thwart attacks?
In light of the frequent use of portable hard drives as a means to steal trade secrets and sensitive intellectual property, there are significant methods that organizations can embrace to mitigate this risk. In fact, the use of such portable hard drives can be prevented by disabling their access so they cannot be used as a vehicle to house stolen trade secrets.
Risk can be further mitigated by preventing employees from being able to access personal Web-based e-mail accounts. In doing so, organizations can ensure that illicit communications are not taking place and trade secrets and sensitive intellectual property are not being sent by employees to themselves or to untrustworthy third parties.
Lastly, a layered and tiered security program integrating physical, electronic access and egress measures with cameras and IT security together with a training program backed with policies and procedures is the recommended method to protect valuable trade secret information and intellectual property.