12 Ways to Protect Your Intellectual Property Against Cyber Attacks [Part I]
Written by Michael Joseph (President & Co-Founder) & Michael Ford (Director of Strategic Initiatives)
It’s 2:00 a.m. Do you know who is accessing your company’s Intellectual Property (IP)?
Your company’s IP includes customer and employee information, business plans, trade secrets, product patents, service protocols, and any proprietary software or hardware you have developed. In the biotechnology industry, for example, IP ranging from data collection to patents to drug trials is at risk. If IP were accessed, tampered with, or deleted, how would the business survive? How vital is scientific data to the overall business?
In the highly competitive biotech landscape that defines Greater Boston, an event that causes a delay is an extreme competitive disadvantage. For the larger biotech companies, these impacts can directly compromise revenue, and can also be a compliance nightmare when personal information is lost. It is essential to structure a thoughtful defense that can reduce the severity of an event… or even better, identify and stop a threat before it is able to impact the business at all.
Let’s start with six measures you can take to help protect the Intellectual Property of your Biotech:
1. Work with your legal department and other stakeholders to define and classify what counts as Intellectual Property in your business. This could be designs, research data, prototypes, inventions, or other business data that gives your company its advantage.
2. Identify all your data sources and storage systems that contain IP. You can’t protect something if you’re not aware of it! IP can take the form of structured data, such as databases, and unstructured data, such as office documents. Beyond servers and databases, it’s important to identify where employees are transferring IP, such as workstations, USB drives, and cloud services.
3. Implement a least-privilege access policy to limit how much IP one person could steal. Determine who should be allowed to access and work with each data source that contains IP, and which data sources should have more tightly restricted access. Verify at least once per year that each employee has access only to the IP they need for their job function.
4. Don’t put all of your eggs in one basket. Compartmentalize access to different IP data sources by placing them on different servers. Segment your network; this way, if an attacker gains access to one segment, they won’t have automatic access to the rest of the infrastructure, and they also will have a harder time exfiltrating the data.
5. Review your IT security plans to see if existing procedures and policies provide the proper IP protection. Ensure that firewalls, intrusion detection, and other technical controls are in place to detect and stop attackers from accessing networks, servers, and applications containing IP.
6. Ensure that appropriate authentication and encryption are in place anywhere IP is transmitted or stored. This includes databases and cloud storage, as well as remote VPN access by employees.
Deciding between keeping IT security tasks in-house or relying on a partner with specialized expertise can be compared to managing home improvement projects. There are many things you can try to repair using the Do-It-Yourself approach. If everything goes just right, you might save yourself some money, and hopefully, you’ve got time left over to relax. But what if everything goes wrong?
Take a moment and think about your company’s network as your home. In our houses, we go to great lengths to secure ourselves: doorknob locks, deadbolts, smart locks. Now look at your corporate network. How do you feel about the front door of your network? Does it give you the same sense of security that the front door of your home does? This is why we need network security.
Once ransomware is resident on a system, the attack can be a simple money-collection exercise or a means of capturing intellectual property. Lost intellectual property may allow an organization in another country to leap forward and deliver your discoveries.