Protecting IP

An overseas partner pirates a software title and sells it in local stores. A sales manager leaves for a competitor and takes his Rolodex and his clients with him. A company violates another’s patent when creating a new Internet service, hoping the theft won’t be noticed and the patent won’t be enforced. A new employee has taken a job with your company for one reason and one reason only — to steal your trade secrets.

Theft Risks & Prevention Steps
Principal IP Theft Risks

  • Insiders, especially those leaving the organization
  • Outsourcing
  • Partners, customers, and third-party vendor relationships
  • Accidental disclosures, such as an organization accidentally posting sensitive data on an online forum
  • Hackers and organized crime
  • Competitors and corporate espionage

    Eight Steps to Prevent IP Theft

  • Create information hierarchies and restrict access to critical data
  • Deploy appropriate security technologies, such intrusion prevention and anti-phishing systems
  • Deploy information monitoring and content filtering technology
  • Log important systems like email and perform regular audits
  • Educate your employees. Address IP policies in the employee handbook and hold regular training sessions
  • Create and enforce policies, and make IP theft prevention part of your overall security efforts
  • Conduct background checks and screening, whether with potential new employees or vendor partners
  • Create comprehensive data backup plans. Those stealing data may erase or destroy it to cover their tracks. Data backup also provides audit trail

    FREE IT Management Newsletters

  • All of these are forms of intellectual property (IP) theft, which is becoming more and more common in the digital age. According to the U.S. Commerce Department, intellectual property theft costs U.S. business about $250 billion each year, while also slashing nearly 750,000 jobs from the U.S. economy.

    IBM states cyber-crime is now more expensive for U.S. businesses than physical crimes, while also noting that more than 70% of businesses believe insider attacks are more of a threat than those from traditional hackers.

    The most recent CSI/FBI study found 52% of survey respondents were impacted by security breaches from outside of the organization, while 68% of those reporting security incidents believed a significant portion of those breaches came from insiders.

    Faking an Entire Company

    NEC recently fell victim to one of the most ambitious IP theft schemes ever. In 2004, after fielding reports of counterfeit keyboards, blank DVDs, and blank CDs being sold in China, NEC sent investigators to trace the problem.

    Investigators found that pirates weren’t simply knocking off typical consumer products but trying to create an entire fake company. Their product lines were extensive and their products were judged to be of high quality.

    After raids on 18 factories and warehouses in China and Taiwan, authorities found a phony NEC brand pirating everything from MP3 players to home entertainment systems. The counterfeit products sold in Taiwan, China, Hong Kong, Southeast Asia, North Africa, the Middle East and Europe. Often retail stores stocked the counterfeit products alongside legitimate NEC goods.

    With such an extensive con, why not simply create a new company? Brand recognition. By slapping the NEC label on their products, the new company had instant name recognition and a multination marketing push they didn’t have to pay for.

    Typically, the scope of an IP theft incident is far less than that experience by NEC, but even a single incident can cause enormous damage. While the dollar amounts estimated by the likes of the U.S. Chamber of Commerce are shocking, many experts believe those numbers underestimate the full scope of IP theft.

    “Everyone knows the problem exists,” said Ed Gaudet, vice president of Product Management for Liquid Machines, a provider of enterprise rights management solutions. “However, not everyone reports it, and many don’t even know they’ve been the target of IP theft.”

    Robert Richardson, director of the Computer Security Institute, added, “It’s a very slippery thing to estimate. Unlike theft from a bank account, where things are measured in dollars, it’s hard to know what the actual cost is. There are so many intangibles that can make the loss greater than it first appears.”