Head of Forensics at First Advantage, Litigation Consulting, John Shaw, explains the key measures IT departments can implement to ensure organisations can tackle IP theft and ensure a company is ‘forensics ready’ should a breach occur.
It is important for IT departments to have a thorough awareness of the types of IP within the business that are at risk of theft. These can include company performance and strategy data, patents, works subject to copyright protection, trademarks, symbols and logos, trade names and trade secrets such as chemical recipes and designs.
Often the main culprits are internal staff as they are trusted and ‘on the inside,’ so they have more confidential business information readily available to them. Contractors, clients, external competitors and hackers may also be potential offenders.
One common breach occurs when an employee is leaving to start up a new business and takes with them client lists and pricing data which will give them a competitive advantage. It follows that companies should be particularly suspicious of any sudden resignation.
Another common breach arises where a company’s pricing model in the lead up to an intensive promotional product launch is leaked to a competitor, who then uses the information to beat the company in terms of price - sometimes by just one day before the launch.
Companies need to be constantly on the lookout for competitors reacting in an unrealistic time-frame, in terms of both pricing and product development, and for pricing models that consistently undercut the business by a fraction.
Software companies can spend enormous amounts of money and time developing new products, yet underestimate the ease of code being stolen. It is alarmingly easy to hide and transport software code - it can be a matter of a copy, paste and send.
In this regard IT companies should take extra measures to isolate machines containing sensitive data, or put sensitive information on a separate network without access to the internet. The physical isolation of affected machines can also be an option.
Some channels of theft are obvious, such as documents stolen via email and portable hard drives. Other channels are less obvious, such as photocopiers, fax machines, iPods, Trojans and Bluetooth services.
There are many simple measures an IT department can take in order to prevent data from leaking either intentionally or unintentionally. Putting in place an effective ‘IT Group Policy’ restricting access rights can ensure that only the people who should have access to the sensitive data do have access.
Company machines can also be locked down using encryption codes and password protection mechanisms. Investing in hardware to prevent access to vulnerable company material can also help prevent IP crime.
IT departments can further take measures to ensure any machine containing sensitive data does not have the facility to transport information via external means. This can mean preventing or blocking the USB ports in company desktops and laptop computers, blocking DVD writers and CD writers and restricting or disabling the use of Bluetooth devices.
Strict IT usage policy can prevent data from being transported to third party providers. For instance, Hotmail, Gmail, Yahoo and other personal or external email accounts can be blocked, so employees cannot access personal email from computers containing sensitive information. This can greatly reduce the risk of IP material being exported from the company.
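One way to check that such a webmail block is actually effective on the machines that hold sensitive data is to audit the web proxy log. The following is an added example, not part of the original article; the log format, the host addresses and the domain list are constructed assumptions.

```python
# Assumption: illustrative, incomplete list of personal webmail domains,
# based on the providers the article names.
WEBMAIL_DOMAINS = ("hotmail.com", "gmail.com", "mail.google.com", "mail.yahoo.com")
# Assumption: addresses of machines holding sensitive data (constructed).
SENSITIVE_HOSTS = {"10.0.5.11", "10.0.5.12"}
# Proxy verdicts mapped to what they mean for the policy.
KIND = {"ALLOW": "policy_gap", "DENY": "blocked_attempt"}

# Constructed sample log: timestamp client action method host:port bytes_sent
SAMPLE_LOG = """\
2024-03-01T09:12:03Z 10.0.5.11 DENY CONNECT mail.google.com:443 0
2024-03-01T09:14:40Z 10.0.5.12 ALLOW CONNECT MAIL.YAHOO.COM:443 48211
2024-03-01T09:15:02Z 10.0.7.30 ALLOW CONNECT hotmail.com:443 1200
2024-03-01T09:16:19Z 10.0.5.11 ALLOW CONNECT notgmail.com:443 900
2024-03-01T09:17:55Z 10.0.5.12 ALLOW CONNECT intranet.example:443 300
truncated line
"""

def is_webmail(host_port):
    """True if the destination is a listed webmail domain or a subdomain of one."""
    host = host_port.rsplit(":", 1)[0].lower().rstrip(".")
    # Match on a label boundary so "notgmail.com" does not match "gmail.com".
    return any(host == d or host.endswith("." + d) for d in WEBMAIL_DOMAINS)

def audit(log_text):
    """Return webmail traffic from sensitive hosts, split by proxy verdict."""
    findings = {"policy_gap": [], "blocked_attempt": []}
    for line in log_text.splitlines():
        fields = line.split()
        # Skip malformed or truncated lines instead of failing the whole audit.
        if len(fields) != 6 or not fields[5].isdigit():
            continue
        ts, client, action, _method, dest, sent = fields
        if action not in KIND or client not in SENSITIVE_HOSTS:
            continue
        if is_webmail(dest):
            findings[KIND[action]].append((ts, client, dest.lower(), int(sent)))
    return findings

if __name__ == "__main__":
    for kind, rows in audit(SAMPLE_LOG).items():
        for row in rows:
            print(kind, *row)
```

A `policy_gap` entry means a sensitive machine reached personal webmail despite the policy; a `blocked_attempt` entry shows the block working and records the attempt for any later investigation.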
Awareness and training
Every IT department has the responsibility to publicise within the company that IP protection is taken seriously. Widespread knowledge helps, including announcements that IP theft is being monitored and strict prevention measures are in place within the company.
Incorporating training on IP protection and IT policy usage at the induction stage, including awareness that data leaking is heavily monitored, can be a great deterrent and can stop employees from considering it in the first place.
IT departments can also deploy software that acts as a monitoring system to allow administrators to access employees’ computers to ‘see’ what they are doing, including any history of illicit activity.
An effective monitoring system can speed up the process of gathering necessary evidence in the event of an IP theft or breach. It is important to note, however, that new monitoring systems require specialist knowledge and that a company should invest in the training of IT staff should they wish to take full advantage of the most up-to-date software available.
Employing the help of a compliance officer or a third party specialising in IP theft tracking to monitor and investigate suspicious activity can be vital to protecting the business.
It is also important to consider that although a company may be able to implement measures to detect the crime, it is difficult to track and prove IP theft without specialist help, as computer evidence is fragile and can be easily destroyed or altered.
As hackers become more sophisticated, so too must a company’s approach to keeping internal systems up-to-date and secure.
For instance, many employees may not be aware they are encountering a Trojan, where the destructive program can easily masquerade as an application and initially appear to perform a desirable function for the user, but in fact allows a hacker remote access to the system.
This can lead to data theft by retrieving passwords of secure information, downloading or uploading files, modification or deletion of files, keystroke logging or watching the user’s screen, all of which can lead to severe and costly IP breaches for a company.
The IT department should ensure employees understand and are especially aware of seemingly innocent programs that claim to rid a computer of malware but instead install spyware or other malware on the machine.
More recently, Trojans can take advantage of a security flaw in older versions of Internet Explorer or Google Chrome, so it is essential to keep all internet browsers up-to-date. When it comes to wireless networks, it is also important to ensure only modern encryption is used, as earlier versions could be weaker and pose a security threat.
IP theft is a growing international problem, and similar breaches and activities are occurring across the world. However, the legal implications of IP theft and protection can differ greatly between countries.
For instance, data privacy is much stricter in countries such as France and Germany compared to countries such as the United States.
This means that IT departments operating in different countries should be particularly aware of whether they are permitted to use certain monitoring systems and the legal implications of administration rights over employees’ computers and personal data.
Ultimately, protection against IP theft is an ongoing, collaborative effort by everyone within a company. IT departments have a paramount duty to ensure staff are effectively trained and constantly updated with the latest in IP protection mechanisms.
Time and money invested in effective staff co-operation, strict IT policy and procedures and state-of-the-art monitoring can ensure a company both minimises the risk of IP theft and manages evidence of any real or suspected breach.
About the author
John Shaw is Forensics Manager at First Advantage Litigation Consulting where he manages the European computer forensics team and is responsible for the technical and forensic aspects of all European projects. Prior to joining First Advantage, John worked as an IT security consultant and a computer forensics investigator with the Sussex police.