Threats

Where are you most at risk?

Human ResourcesPhysical SecurityInformation TechnologyIntellectual Property ProtectionLegal and ethical policies and proceduresTrusted Business Partners

Intellectual Property Protection

Are your crown jewels safe?

Protecting Intellectual Property (IP) is a top concern for any organization. American businesses are known for innovation and growth; these qualities help form the bedrock of US economic success. These same qualities also make them prime targets for theft of patents, trade secrets, IP, research, and sensitive information.

Theft of patents, processes, designs, and proprietary information have resulted in their bankruptcy and loss of research and development (R&D) funding in the past. When an insider uses stolen data to create similar products at a reduced cost to compete against their company, this has direct and harmful consequences.

True Story

An employee worked as a chemist and later a product development director at a manufacturing plant…

Learn More Button

 

What can your organization do to protect your Intellectual Property?

Have a plan that details:

  • IP identification
  • IP ownership rights
  • IP employee access
  • IP trusted business partner access
  • Incident reporting

Control access:

  • Physical access
  • Systems access
  • Employee training

Monitor:

  • Data integrity
  • Access/printing/copying/transmitting
  • Remote access

True Story

An employee worked as a chemist and later a product development director at a manufacturing plant. He made a business trip abroad to work with one of the victim organization’s subsidiaries, and a co-worker noticed that he was unusually interested in a foreign competitor.

A few weeks after the trip, the insider resigned abruptly. This raised some suspicion at the victim organization. They investigated the company laptop he had returned and noticed that he had deleted all of the temporary files. Upon further examination, the organization discovered a hidden file that contained, among other things, a prohibited data copy program and 44 GB of unauthorized data that included IP.

Upon executing a search warrant, authorities confiscated a USB drive from the insider’s luggage as he was attempting to leave the country. The drive contained IP belonging to the organization. The information included formulas for products that the insider had not worked on and had no legitimate reason to possess. The authorities also noticed that the insider’s LinkedIn profile stated that he was now employed by a competitor in a foreign nation. The insider was arrested, convicted, and sentenced to over one year in prison followed by supervised release. The insider was also ordered to pay restitution.

What could the organization have done to reduce the risks posed by this employee?

  • Ensure employees are trained on insider threat risks and indicators. Employees should know who to contact and how to make a report of any concerning activity or behavioral indicators.
  • Leverage organizational capabilities to protect IP, and to detect and monitor unusual activity. For example, IT security should have the ability to detect out-of-scope access to sensitive information by employees and transfers of large amounts of data on a company network.