Consider this, a firm contracts an employee from an IT company to work on a project. After completion of the project, the contract employee publishes the code written for the project on a public platform online. This is not a hypothetical scenario, but something that has actually happened. Another instance is that of Chinese intelligence allegedly planting a chip in Amazon and Apple servers manufactured in China. With the chip in place, they had complete access to all the information on Apple and Amazon servers.
Be it finance, manufacturing, aviation or any other industry, most of the information is on the virtual space now. With increasing cybersecurity threats, it has become more important than ever to protect intellectual property (IP), especially ones that might put public infrastructure at risk.
While we have patents, trademarks, copyright, and other IP rights, they are a recourse mechanism, but in no way prevent the theft. While it does act as a deterrent if the theft was to occur due to malicious intent these same rights are not of much help. Hence, the importance of having tools, processes, and protocols to protect one’s data.
Protocols & Processes in Place for Data Protection
Intrusion Detection Systems (IDS)
These include devices and applications that scan business networks to track all activities and issue alerts if any suspicious activity or breach is discovered. Some systems even respond to security alerts. Some methods used to detect breach include signature-based IDS which looks for sequences or patterns used by malware, anomaly-based IDS that uses machine learning to compare new activity against trustworthy behavior.
Security Management Software (SMS)
These software include network-based, datacenter/storage-based, end-point based and content aware data protection tools and solutions. These applications monitor and secure data while it is being stored and transferred. This includes emails, IM and social media interactions; data centers, file servers, file sharing platforms and databases; laptops, tablets, POS.
NDA & Non-Competition Agreements
In case of the contract workers, IP theft usually happens through human activity. By deterring such behavior, companies can protect data more efficiently. New employees, contract workers and those who are leaving the organization should be made to sign NDAs and Non-Competition Agreements. This will ensure that employees do not divulge company and trade secrets.
Management Systems Approach
Every department in the company should band together to secure IP of the firm through responsible practices that include understanding how leaks might erupt and ensure constant vigilance.
Other ways in which firms are keeping their information secure and theft-proof is using company servers that can only be accessed through a VPN (Virtual Private Network) and a software for authentication, barring the use of external devices and block connecting ports. Many companies, especially those who work on government projects, go as far as to mirror their employees' screen on ghost devices to oversee everything.
Given the sensitivity and importance of securing data, implementing security measures is no one departments’ job. Take, for example, Siemens. The firm has an established central Corporate Intellectual property department, which is responsible for overseeing IP strategy, policies and protection procedures.
While sometimes these stringent measures may be interpreted as a hindrance to executing tasks, resistance to adopting these can lead to a fracture in the safety procedure. Educating employees and contract workers alike to help them understand the importance of securing a company’s information, data and the gravity of intellectual property theft will help. New employees and contractors from other companies need to be briefed on existing security protocols and the consequences of breaking them. Also, employees and contractors exiting an organization should be asked to furnish all company information that they hold.
Irrespective of the nature of data, be it organizational or personal, data security is of paramount importance; we should not get lax about securing it and preventing untoward incidents.