Securing the Company's Intellectual Property

The major issue in many intellectual property cases is, Did the company protect the resources that were claimed to have been violated or stolen?

The FBI reported in 2003 that intellectual property or the theft of proprietary information totaled $70.1 million - the biggest financial loss for companies based on a small number of businesses that did report. These numbers come from companies that voluntarily report these incidents to the FBI to generate the basis of the security concerns. If all the companies would be forced to report, the numbers would be frightening for companies to get a true picture of where the security is in our nation.

Security can assist in the efforts to focus on the reduction of the vulnerable concern of intellectual property theft.

Where is intellectual theft coming from?

Common incurrence of intellectual property typically comes from the internal workings of your known company environment. Examples of internal threats to your company would consist of the access of an employee, contactor or guest. The internal threat of the organization is due to the confidential information and access that employees are given during their employment with the organization. The FBI reported that in 2004, 59 percent of the attacks are the internal users of the system.

The resolution is the restructuring of the security measures around the organization's access controls and conducting regular audits of the systems and plans.

External threats to intellectual property are coming from a variety of different directions. The most common is corporate espionage, hacking and identity theft.

Corporate espionage cases are becoming more common as competitor companies are trying to get an edge on being the best in the niche. Competitor companies have gone to the extremes to hire hackers to provide a denial of service attack of the opposing Web site along with a number of other activities. The goal in corporate espionage is to steal trade secrets, financial data, confidential client lists, marketing strategies or other information that can be used to sabotage the business or gain a competitive advantage.

What can companies do to lower the risk of exposure to IP theft?

The company responsibility is to provide the due care in protecting its efforts to protect the resources. But securing the intellectual property of your company is not a one-stop answer to resolve the issue.

Companies need to look at the level of risk that resides around the core of the business. A customized solution to your security plan should combat and encompass the company's overall security goals in keeping it secure.

When looking at securing your intellectual property, your security plan should include, at a minimum, the following:

* business continuity and disaster recovery plan current and up to date;

* current and up-to-date incident response plan;

* examination and re-examination of the company policies and procedures;

* on-staff or at-call expert in computer forensics;

* audits and penetration testing of the systems; and

* solid security solutions based on the risk analysis of the company.

Having a good working plan in place will help when an incident occurs in your organization. Shifting the company's paradigm from luxury item or, I will look at security when I need it, to being prepared with plans and expert consultants when the incident occurs is the future.

In security, the phrase is not if an incident will occur - it is always when it will occur. The organization should have incorporated in the plan to make the plan more effective in the implementation of an expert in computer forensics. Computer forensics investigation is crucial in the detection of the incident and the only way to prove if your intellectual property has been stolen.

The most important piece of the security puzzle is to have an expert to preserve the evidence and to have a plan to stabilize the company's success for the future. Computer forensics investigations help to defend their property and recoup their losses as the company proceeds with legal action. The return on investment for companies that are staying on the forefront of security issues is seeing the benefits of having an expert and plans in place.

Large corporations are already complying with federal laws that mandate them to comply with the Sarbanes-Oxley and Gramm-Leach- Biley Acts. The biggest vulnerability comes from the small to medium- sized companies because they have the biggest risk exposure.

Properly protecting the resources is the key component to the survival and competitiveness of the small to medium-sized company. If an attack occurs, it is important to remember to:

* respond quickly and without fail;

* predetermine who the key response personnel are;

* get key personnel, such as a computer forensics expert, involved early;

* consider content monitoring of the attack; and

* determine the cost of the attack, which includes repairs, replacement, personnel, consultants and lost business.

Professionals in the area of information security and the legal industry see the future problem of intellectual property theft becoming overwhelmingly worse. As companies prepare to enter the global market in countries like China and Poland, intellectual property theft will be a greater concern.

Securing your company before those transactions take place is the survival and due diligence that needs to occur. Working with good and knowledgeable legal counsel in conjunction with professional security consultants that can assist your business needs in computer forensics investigations - along with consulting on security plans and implementation of solid solutions - is the focus for companies to succeed.

Seeking those professionals ensures the reduction and exposure of the risk of intellectual property theft during business endeavors both in and out of the country.

Duane Hopkins is the founder of Innovative Corporate Solutions Inc., located in New Hudson. His background includes a master's in information security from Eastern Michigan University, and he holds key certifications in computer forensics and ethical hacking. Currently, he is an associate professor at Lawrence Technological University, developing concentrated courses in computer forensics methodology.

Copyright © 2005 Earl G. Graves, Ltd. All Rights Reserved.

Provided with permission by Duane Hopkins
Security Consultant
29385 Tonester Circle
New Hudson, Michigan 48165
Phone: 248.467.9167
Email: Duane.Hopkins@Innovative-csi.com
www.Innovative-csi.com