By Ilia Sotnikov, VP of Product Management at Netwrix
Intellectual Property (IP) comes in various formats, including source code, trade secrets and know-how. IP is one of the most critical assets that organizations have, because it helps them stand out from the competition, increase their commercial value and offer customers additional value. Unlike patents, IP cannot be disclosed and requires strong protection.
Unfortunately, it is hard to prevent IP theft, because all your employees who come in contact with sensitive data pose a potential threat. They may have a lax attitude about security, or even have a malicious intent to steal or destroy IP. According to the Netwrix 2018 IT Risks Report, 39 percent of companies consider departing and terminated employees to be the biggest risk to their IP, and 31 percent say that regular business users are the most dangerous threat actors. Here are four simple steps that will help you mitigate the risk of IP theft.
1. Have an overview of confidential data you store
Due to business requirements, many organizations store their IP across multiple on-premises and cloud-based storage devices, which makes it hard to secure all the sensitive data appropriately. Also, users may copy sensitive data to their personal devices for work purposes, which puts data at risk. To protect your IP, you need to know exactly where your data resides and classify data from least to most sensitive. After that, identify who has access to your IP and define the potential points of compromise.
2. Implement principle of least privilege
To protect your IP, you need to make sure that only authorized personnel have access to it. Therefore, you need to use the principle of least privilege and grant access rights only to those who really need them for specific tasks. In addition, you need to regularly update access rights and deactivate user accounts as soon as employees leave the company.
3. Enforce security policy
Your employees may stick to bad security habits and forget about security policy, or deliberately ignore it for personal gain. For example, in 2018 U.S. authorities arrested a former Apple employee when he was about to fly to China with sensitive data relating to Apple’s self-driving car project. Therefore, it is important to monitor user behavior to quickly detect and react to signs of security policy violations, e.g. spikes in user activity, anomalous VPN access or activity outside of business hours. Ensure that everyone is familiar with security policies and the penalties for ignoring them.
4. Collaborate with CEO
To make sure your employees don’t misbehave and put sensitive data at risk, involve the CEO in the establishment of security culture. He or she should set goals for the management team and the HR department to raise cybersecurity awareness among the staff. For example, the role of management teams will be to ensure that employees follow basic cybersecurity practices. The role of HR will be to conduct cybersecurity training for employees to show them how to deal with sensitive data and encourage them to report on incidents.
Each organization has individual points of data compromise and has to deal with specific threat actors. To mitigate insider threats to your sensitive data, I encourage you to have a coherent cybersecurity strategy that will protect IP and be in line with your business processes. Involve business leaders and the cybersecurity team in the decision-making process and create a strong security culture in your organization to make sure everyone follows best security practices and protects your IP.
About the Author
Ilia Sotnikov is an accomplished expert in cybersecurity and IT management. He is Vice President of Product Management at Netwrix, provider of a visibility platform for data security and risk mitigation in hybrid environments. Netwrix is based in Irvine, Calif.