Please protect intellectual property
Intellectual property must be particularly well protected. Once hackers have penetrated a corporate network, they can successfully exfiltrate and sell business-critical information to a competitor or nation state with competitive global markets. Ten measures ensure that companies are better prepared to protect business-critical data.
The security provider Digital Guardian provides ten tips below that can be implemented immediately.
1. encrypt sensitive data
Encrypting sensitive data is critical to protecting intellectual property. This allows organizations to add another layer of protection that makes it more difficult to access data if it is stolen by an attacker. Encryption should be fully disk and file-based for endpoints, in addition to enforcing encryption for email and devices.
2. keep operating systems and software up to date
Operating system and software updates contain critical security updates that address vulnerabilities. Automatic software updates should therefore be enabled where possible to streamline the process and ensure that everything is always up to date.
3. deployment of data security solutions
Antivirus software does not protect against all types of threats, but only provides basic protection against common, known malware. Attackers targeting sensitive intellectual property typically use sophisticated methods to penetrate systems. Antivirus software can be bypassed in these attacks. Organizations should therefore consider deploying data security software that resides at the kernel level of endpoints and provides a complete view of all data being accessed and transmitted. The solution should be able to fully lock down both structured and unstructured confidential data and employ enforcement policies to prevent this data from leaving the enterprise IT environment.
4. accounts with unique, complex passwords
Reusing the same or slightly modified passwords across different accounts is one of the biggest security risks in a data breach. If employees use their passwords more than once, compromising a non-sensitive account can give hackers access to the corporate network. From there, attackers can move to privileged accounts and access sensitive data stored in databases, directories and other IT resources.
5. archive data promptly and securely
Minimizing the amount of data stored by organizations on devices reduces the amount of information available to an attacker who has gained access to those devices. When data is no longer needed, it should be encrypted and moved to an offline storage device for long-term archiving.
6. regular activity monitoring across user accounts
Monitoring user behavior for anomalous or suspicious activity is one of the fastest ways to detect a security breach before it can cause damage. When suspicious activity is detected, all parties involved should be notified immediately. Even if other safeguards are in place, monitoring is often the quickest way to detect a security breach. Common warning signs include credentials used on multiple machines, employees accessing databases or directories they have never accessed before, or logins outside of working hours.
7. change all passwords after possible data breach
After learning of a security breach, the most important first step is to change all associated passwords. This ensures that the credentials are useless, even if they have been stolen.
8. data security settings of mobile applications and online accounts
It is also critical to keep up with data security settings for various accounts and applications, especially with the popularity of BYOD in the workplace. This ensures that unauthorized users do not have access to private, sensitive information or company intellectual property.
9. device controls for removable media
Although the majority of IT security focuses on protecting against external attackers, insider threats should not be ignored. Organizations should ensure they have controls in place for removable devices to prevent employees from accessing and exfiltrating sensitive intellectual property within the network. Device control security software that automates the process with policy-based removable media usage controls, including alerts or blocking when risky behavior is detected, is very effective in preventing insider threats.
10. employee training against phishing attacks
Attackers often find it more effective to use social engineering to trick a target into a desired action than to conduct complex, manual hacking attacks. Phishing attacks usually have telltale signs such as unknown senders, foreign domain names, fake websites or emails with malicious links or attachments. Regular employee training and simulation training are therefore recommended to strengthen employee vigilance.
Intellectual property is one of a company's most valuable assets. That's why it's important to implement a comprehensive data security strategy, including basic best practices such as password hygiene and solid patch management, across all internal departments and third-party vendors that work with intellectual property. This can significantly reduce the risk of intellectual property theft.
