Protecting intellectual property and confidential information is a huge challenge for businesses. The recent data breach at French defence contractor DCNS, where over 20,000 pages of documents exposing the combat capabilities of submarines DCNS is building for the Indian Navy, highlights just how difficult it can be to keep IP safe in today’s world.
Whilst most businesses do not have access to such sensitive information they will possess confidential information in one form or another and, in the 21st Century, all businesses are operating in an environment plagued with sophisticated attackers. IP and confidential information is notoriously difficult to protect so businesses should develop a security conscious culture and focus on raising and maintaining awareness of the changing threat landscape with its employees.
Top 10 Tips to help you protect your business’ IP and confidential information:
1. Educate employees. Employees must understand the importance of information security and we recommend developing appropriate policies so that responsibilities are clear.
2. Implement an on-going awareness programme. The threat landscape changes constantly so it is important your employees understand new threats particularly when they can be targeted i.e. social engineering.
3. Implement and enforce a stringent password policy. This will help prevent unauthorised access to systems operated by the business. Ensure strong passwords are put in place by all employees which are of a reasonable length with varying characteristics, i.e. numbers, letters, and special characters, and do not permit employees to use personal information in their passwords to make them more difficult to guess.
4. Operate a clear desk and clear screen policy. Avoid the risk of sensitive documents containing confidential and sensitive information from falling into the wrong hands.
5. Implement “defence in depth”. Layer your security, particularly with your most sensitive or confidential data so that even if one layer of security is compromised there are still other layers to prevent unauthorised access.
6. Regularly review and investigate logs/alarms. Look for suspicious and unauthorised activity and consider implementing Security Incident Event Management (SIEM) software to automate the log analysis process.
7. Implement a data loss prevention solution”. One of the biggest threats to IP and confidential information are employees. Protect yourself from this insider threat by preventing users from sending certain data to an external source and which tracks and monitors data movement that is prohibited.
8. Only grant the minimum access required. Restrict access to sensitive and confidential files with access only to be authorised on the basis that it is essential for an employee’s role, reviewing access permissions regularly and removing access when it is no longer required.
9. Include appropriate IP and confidentiality terms in employees’ contracts. Protect your IP and data and outline the consequences of failing to do so.
10. Disable employee access to sensitive information upon resignation. Should you require any further information regarding protecting your IP and Confidential Information. please contact Sarah Cook on sarah.cook@dmhstallard.com.
To help you put in place a robust system to protect and enforce your Intellectual Property Rights (IPRs) and to ensure that the business is aware of, and complying with, applicable laws and regulations, we offer a free 30 minute IP Consultation for your business. The information you provide will enable us to consider potential areas of risk and enhance your business’ IP protection and enforcement strategy.
To find out further information, or to book your free consultation, please contact David Paling on 01293 663512 or david.paling@dmhstallard.com.