Safeguarding Your Business Against Intellectual Property (IP) Theft
December 03, 2013 by Brad Garnett
As many businesses prepare for an uptick in business, now is a good time to revisit internal controls and policies, as it relates to safeguarding your intellectual property (IP). In this post, we discussed the anatomy of the data breach. According to Dictionary.com, intellectual property is defined as, “property that results from the original creative thought, as patents, copyright material, and trademarks” (2013, Dictionary.com). Your company's intellectual property should be treated the same way as tangible assets and financial statements.
In the 2013 Verizon Data Breach Investigations Report (DBIR), 20% of breaches were aimed at stealing intellectual property. U.S. companies lose millions of dollars annually due to IP theft. While cyber crime is often referred to as a “faceless” crime, intellectual property theft can have a familiar face. While you may probably have (or should have) external controls in place to protect your computer network from cybercriminals, what are you doing to protect your business and intellectual property from current and former employees? When a termination occurs or an employee separates from your company, what are you doing to ensure no internal data breach occurs?
Some items you can review or questions you should be asking:
- What current written policy and procedure are in place for dealing with company IP?
- Are pre-employment background screenings being conducted on all new employees?
- Are employees aware of company policy on IP confidentiality? Do you regularly review company policy on maintaining IP confidentiality with employees?
- Does an employee require administrator rights to the computer system for his/her job function? If so, why?
- Have you partnered with your IT staff to monitor incoming and outgoing traffic on the network?
- Are employees limited on when and where they can access the local company intranet?
- Do employees have the computer rights/privileges to remove documents via a removable USB flash drive?
- Did the employee have rights/privileges to upload or share files via the Internet?
- Are you reviewing social media as a source of information? If applicable, does the employee have access to your company’s social media accounts?
- Have you reviewed or created a policy for stakeholders to follow (i.e. Legal, HR, IT, and management for planning and responding to a breach.)? Have you made contact with legal counsel on reporting requirements in the event of a breach or intellectual property theft?
Insider threat and IP theft incidents should be taken seriously. In the digital information era, it is very important to always protect your company intellectual property. If you do have a data breach or IP theft, contact a digital forensic professional to assist in preserving and analyzing data that may aid in answering those unanswered questions about your business data. Pre-planning and developing policies are key to responding to an insider threat or intellectual property theft.
Brad Garnett, CCE®, GCFA is a Digital Forensic Consultant with Kemper Technology Consulting, a division of Kemper CPA Group LLP. Prior to joining the Kemper team, Garnett spent the last decade in law enforcement, where he specialized in digital forensics. If you have a situation where forensic technology is needed to help you find an answer or make a tough business decision, please contact Brad at 812-421-8000.
Kemper CPA Group LLP publications should not be construed as legal advice or legal opinion on any specific facts or circumstances. The content is intended for general informational purposes only. You are urged to consult your own advisor on any specific legal questions concerning your situation.
References:
Dictionary.com (2013). Intellectual Property. Retrieved from http://dictionary.reference.com/browse/intellectual+property
2013 Data Breach Investigations Report. Retrieved from http://www.verizonenterprise.com/DBIR/2013/