Protecting intellectual property and confidential information is a huge challenge for businesses. The recent data breach at French defence contractor DCNS, involving over 20,000 pages of documents exposing the combat capabilities of submarines DCNS is building for the Indian Navy, highlights just how difficult it can be to keep IP safe in today’s world.
Whilst most businesses do not have access to such sensitive information, they will possess confidential information in one form or another and, in the 21st century, all businesses are operating in an environment plagued with sophisticated attackers. IP and confidential information are notoriously difficult to protect, so businesses should develop a security-conscious culture and focus on raising and maintaining awareness of the changing threat landscape among their employees.
Here are our top 10 tips to help you protect your business’ IP and confidential information:
- Educate employees on the importance of information security and develop appropriate policies so that responsibilities are clear;
- Implement an ongoing awareness programme. The threat landscape changes constantly, so it is important that your employees understand new threats, particularly where they themselves can be targeted, i.e. through social engineering;
- Implement and enforce a password policy to prevent unauthorised access to systems operated by the business. Ensure all employees use strong passwords of a reasonable length with varying characteristics, i.e. numbers, letters and special characters, and do not permit employees to use personal information in their passwords, so that the passwords are more difficult to guess;
- Operate a clear desk and clear screen policy so that documents containing confidential and sensitive information remain protected from falling into the wrong hands;
- Implement “defence in depth”: layer your security, particularly around your most sensitive or confidential data, so that even if one layer of security is compromised there are still other layers to prevent unauthorised access;
- Regularly review and investigate logs and alarms to look for suspicious and unauthorised activity, and consider implementing Security Information and Event Management (SIEM) software to automate the log analysis process;
- Implement a “Data Loss Prevention” solution. One of the biggest threats to IP and confidential information is employees. Protect yourself from this insider threat with a solution that prevents users from sending certain data to an external source and that tracks and monitors prohibited data movement;
- Only grant the minimum access required. Restrict access to sensitive and confidential files, authorising it only where it is essential for an employee’s role, and review access permissions regularly, removing access when it is no longer required;
- Include appropriate confidentiality terms in employees’ contracts to protect your IP and data, and outline the consequences of breaching them; and
- Disable employee access to sensitive information upon resignation.
It is worth noting that investigators are usually able to find logs which can identify how breaches have occurred. With the above measures in place, you should reduce the risk of breaches and be better able to detect them if and when they do happen, giving you the opportunity to limit their impact.