Cybersecurity & IP: Steering Hackers Away From Digital Assets

By CIOReview | Friday, October 27, 2017
269
452
92

Many companies rarely appreciate the significant value embodied in intellectual property, while others take the time to understand and grow such assets. Even the most sophisticated companies with developed IP portfolios are either ignoring or failing to address this terrifying threat to IP capital. Here are a few realistic tips every company holding valuable IP assets on its hard drives should take into serious consideration.

Identifying and Segmenting IP Data 

Most companies think that password protection and file access restrictions are enough. Segmenting sensitive information into other virtual servers and further compartmentalizing it makes it far more difficult for hackers to get to that information in the first place. The side benefit is that organizations also perform a mini due diligence on their IP in the process, leading to stronger IP assets as a result.

Written Information Security Program Addressing the IP Assets

Companies with a significant data footprint must have a written information security program (WISP), at a minimum, for highly sensitive confidential information as well as specific development data related to any products and services that requires IP protection. The WISP must incorporate many more levels of intrusion detection and prevention so as to make the “crown jewels” of IP as difficult to access as possible.

The IP and Cloud Mix

It is not recommended for companies to place highly sensitive intellectual property in the “cloud” unless it is encrypted and the security keys are monitored. Most state data breach notification laws provide for an encryption “safe harbor,” and when it comes to cloud-based services and your IP, encryption is critical. Although many cloud providers are offering increased security and even encryption, precious few of them are willing to shoulder the risk of a breach that results in IP theft. Don’t risk it—and if you have to—make sure you take appropriate steps to encrypt highly sensitive data and limit access to it.