John Shaw (Global) - How Businesses Can Protect Themselves From IP Theft

As technology becomes more sophisticated and tracking of Intellectual Property (IP) theft becomes more challenging, the pressure is on senior management within companies to prepare for the worst. IP theft can include company performance and strategy data, patents, works subject to copyright protection, trademarks, symbols and logos, trade names and trade secrets such as chemical recipes and designs. Often the main culprits are internal staff as they are trusted and ‘on the inside,’ so they have more confidential business information readily available to them. Contractors, clients, external competitors and hackers may also be potential offenders.

Software companies can spend enormous amounts of money and time developing new products; yet underestimate the ease of code being stolen. It is alarmingly easy to hide and transport software code – it can be a matter of a copy, paste and send. In this regard IT companies should take extra measures to isolate machines containing sensitive data, or put sensitive information on a separate network without access to the Internet. Physical isolation of affected machines can also be an option.

Restricted access

Some channels of theft are obvious, such as documents stolen via email and portable hard drives. Other forms of theft are not so obvious, through the use of photocopiers, fax machines, iPods, Trojans and Bluetooth services.

There are many simple measures an IT department can take in order to prevent data from leaking either intentionally or unintentionally. Putting in place an effective ‘IT Group Policy’ restricting access rights, can ensure that only the people who should have access to the sensitive data can have access. Company machines can also be locked down using encryption codes and password protection mechanisms. Investing in hardware to prevent access to vulnerable company material can also help prevent IP crime.

IT departments can further take measures to ensure any machine containing sensitive data does not have the facility to transport information via external means. This can mean preventing or blocking the USB ports in company desktop and laptop computers, blocking DVD writers and CD writers and restricting or disabling the use of Bluetooth devices.

Strict IT policy usage can prevent data from being transported to third party providers. For instance Hotmail, Gmail, Yahoo and other personal or external email accounts can be blocked, so employees cannot access personal email from computers containing sensitive information. This can greatly reduce the risk of IP material from being exported from the company.

Awareness and better training

Businesses can also deploy software that acts as a monitoring system to allow administrators to access employees’ computers to ‘see’ what they are doing, including any history of illicit activity. An effective monitoring system can speed up the process of gathering necessary evidence in the event of an IP theft or breach. It is important to note, however, that new monitoring systems require specialist knowledge and that a company should invest in training of IT staff should they wish to take full advantage of the most up-to-date software available. Employing the help of a compliance officer or a third party specializing in IP theft tracking to monitor and investigate suspicious activity can be vital to protecting the business. It is also important to consider that although a company may be able to implement measures to detect the crime, it is difficult to track and prove IP theft without specialist help, as computer evidence is fragile and can be easily destroyed or altered.

Staying a step ahead

IP theft is a growing international problem, and similar breaches and activities are occurring across the world. However the legal implications of IP theft and protection can differ greatly between countries. For instance data privacy is much stricter in countries such as France and Germany compared to countries such as the United States. This means that IT departments operating in different countries should be particularly aware of whether they are permitted to use certain monitoring systems and the legal implications of administration rights over employees’ computers and personal data.

Ultimately, protection against IP theft is an ongoing, collaborative effort by everyone within a company. IT departments have a paramount duty to ensure staff are effectively trained and constantly updated with the latest in IP protection mechanisms. Time and money invested in effective staff co-operation, strict IT policy and procedures and state-of-the art monitoring can ensure a company both minimizes the risk of IP theft and manages evidence of any real or suspected breach.

By John Shaw, Forensics Manager at First Advantage Litigation Consulting


« Adrian Schofield (South Africa) - Bridging the Gap


Matthew Prince (US) - 2012: The Road Ahead (Part 2) »