12 Ways to Protect Your Intellectual Property Against Cyber Attacks [part II]
WRITTEN BY MICHAEL JOSEPH (PRESIDENT & CO-FOUNDER) & MICHAEL FORD (DIRECTOR OF STRATEGIC INITIATIVES)
Don’t Attempt Everything at Once. Take A Metered Approach.
In Part I of this list, we covered various ways to protect your Intellectual Property (IP), all of which will take time. Security projects are often initiated in response to an incident and under a deadline. You may be tempted to implement all of these recommendations at once; however, each of them will involve different people or departments across the organization.
As you work through the lists from Part I and Part II (below), it may be better to break them into individual projects. You may also consider working with an IT security consultant who is familiar with your industry, so they can guide you on the best practices to apply and the pitfalls to avoid.
Here are six more measures you can take to help protect the Intellectual Property of your Biotech:
7. If partners, vendors, customers, or other third parties share or need to have access to your IP, make sure that they are contractually obligated to protect your IP, and utilize an expert IT security consultant to vet their security posture; the smart ones will likely ask you to do the same, as this should be a standard protocol for business relationships where IP is shared. Additionally, implement a strategy for proactively detecting loss of your company’s IP by these third parties. You certainly don’t want to be the last to know that something has gone wrong.
8. Require employees to acknowledge IP agreements upon hire and then on an annual basis; also have them re-sign the agreements when leaving the company. Provide periodic training to help employees identify signs of IP theft risk—from external attacks such as phishing, social engineering, and ransomware, as well as from fellow employees.
9. Make sure that all IP is backed up on a regular basis, and that data restoration is regularly tested. Also, ensure that IP remains available to the business through any interruption of IT services by having a well-thought-out (and tested) Disaster Recovery and Business Continuity Plan.
10. Implement controls to prevent and detect IP leakage. Monitor your IT infrastructure for indications that IP theft is taking place—especially with respect to file transfers, emails, and online collaboration platforms. This may be done by regularly monitoring system logs, disabling the use of USB drives on workstations, and/or enabling Data Loss Prevention features on your email system.
11. Assess the correct strategy for protecting IP stored or processed in the Cloud. Depending on the type of cloud service, this may be similar to protecting IP at a third party and/or it may involve implementing the same controls you implement for your on-premises infrastructure. Collaborate closely with your cloud provider to understand what they will and will not do when it comes to helping you protect your IP; document who is responsible for what.
12. Work with your HR department to integrate IT processes into their off-boarding procedures. Properly off-board employees so that IT network access and building access are revoked promptly. Most insider attacks occur near the time that employees are leaving or within a few weeks afterward.
Deciding between keeping IT security tasks in-house and relying on a partner with specialized expertise can be compared to managing home improvement projects. There are many things you can try to repair using the Do-It-Yourself approach. If everything goes just right, you might save yourself some money, and hopefully, you’ve got time left over to relax. But what if everything goes wrong?
Take a moment and think about your company’s network as your home. In our houses, we go to great lengths to secure ourselves—doorknob locks, deadbolts, smart locks. Now look at your corporate network. How do you feel about the front door of your network? Does it give you the same sense of security that the front door of your home does? This is why we need network security.
Once ransomware is resident on a system, it can be a simple money collection exercise or a means to an end to capture intellectual property. Lost intellectual property may allow an organization in another country to leap forward and deliver your discoveries.