Intellectual property, or IP, is broader than most people expect. It includes trademarks and patents, of course, but also encompasses employee know-how, internal communications, competitive insights, and budding innovations. Overlooking how much data falls under the umbrella of IP can lead to sensitive information being exposed to unnecessary and unacceptable risks.
Cybercriminals of all stripes target IP because it has immense value, especially compared to basic consumer data. IP is under such persistent attack that companies lose an estimated $300 billion annually
, which also leads to the elimination of 2 million jobs. The hard truth is that IP theft is and always will be on the front lines of cybersecurity.
The Complex Landscape of IP Theft
Companies that discover their IP has been stolen do have some legal recourse, however. The Defend Trade Secrets Act and the Digital Millennium Copyright Act empower companies to take civil action against anyone who misappropriates intellectual property. Unfortunately, neither law is perfect in practice.
DTSA assigns a heavy penalty for IP theft — up to three times the value of the property — as long as plaintiffs can show they’ve taken adequate steps to protect their intellectual property. The most problematic aspect is that different state courts have defined “adequate” differently, leaving unanswered questions about when and how settlements are awarded.
DMCA also has uncertainty. The law was implemented after easy file sharing on the internet began to exacerbate media theft. Consequently, it provides sweeping protections for copyrights but not for patents, trademarks, or other data that should realistically be considered IP. Despite the expansive legal framework in place, IP theft typically leaves victims with limited options.
The simple solution would be to safeguard all IP, a monumentally difficult proposition when insiders are the biggest threat. Research shows that half of all departing employees
leave with confidential information, either accidentally or intentionally. And when insiders are motivated to steal, their close proximity to IP makes it easy for them to bypass security controls.
On the other side of the equation, third-party vendors up and down the supply chain can put IP at risk if they’re not trustworthy. Companies are in the difficult position of having to look both inward and outward with equal scrutiny while hoping the laws provide adequate protection. It’s a dire situation, but that doesn’t mean IP protection is impossible.
The Key Components of IP Cybersecurity
Don’t assume that your existing cybersecurity strategy is adequate at protecting your present and future intellectual property. Fully addressing the unique vulnerabilities of this data will also require a unique strategy with regards to its protection:
• Address IP comprehensively:
Safeguarding IP requires a constellation of protections — legal, technological, logistical, administrative, etc. It should include everything from data encryption to access controls to nondisclosure agreements. All of these measures are necessary to protect IP from every conceivable threat. Plus, courts are likelier to side with plaintiffs who are proactive about securing secrets.
• Define IP clearly:
All IP is sensitive, but some more so than others. Start by identifying any data that could fall under the definition of IP. Then, segment that information by type of IP and level of protection needed. For instance, patents and trade secrets are both IP, but the former is public knowledge while the latter is confidential information. Systematically cataloging IP allows you to secure information according to its sensitivity.• Get aggressive about access:
Because some of the biggest threats are internal, companies need to think seriously about who has access to IP in any form. All access points need to be identified and strictly controlled; otherwise, it’s impossible to know when trade secrets are drifting out the door. Access controls should include physical security, digital barriers, and data segregation.• Be consistent and recalibrate:
As tempting as it may be to bypass protections in order to expedite workflows, a single lapse can put sensitive data in jeopardy. Outdated cybersecurity strategies can do the same thing. IP protections require regular review and revision in order to keep up with evolving threats, changes to the laws, and expanding amounts of IP.
On a fundamental level, IP is the lifeblood of your company. If your intellectual property were to fall into the wrong hands, the damage could be impossible to overcome. Instead of treating this data as sensitive, acknowledge it for what it really is: mission-critical.