Brain drain: Protecting your organization's IP
Intellectual property is the new PII, targeted by hackers and inadequately secured. Here's how to protect IP.
By Lauren Gibbons Paul
February 06, 2012 — CSO —
Global healthcare provider Best Doctors employs the most robust technologies and practices available to protect the privacy of its members' personal data—but that's just a part of doing business in this industry. Less obvious but equally important is the degree of vigilance with which the company protects its brand name, which is trademarked in dozens of countries worldwide.
"Our distinctive name and logo, those two words connote the high quality of our doctors and hospitals. Something very simple can be very powerful," says Tom Seaman, senior vice president and general counsel for the company, which provides health insurance as well as health advisory services.
[Also in this special report on IP protection:]
Jason Clark: 4 keys to IP protection
The in-depth guide to data destruction
Patent trolls in our midst—what your general counsel is worried about
Bob Bragdon: SOPA, PIPA, Anonymous and IP
Though Best Doctors has a small portfolio of patents (including a business process patent it received in the 1990s when such things were in vogue), the firm's primary focus when it comes to intellectual property protection is its brand, which is trademarked. "We take extreme measures to protect it," says Seaman. His vigilance is entirely appropriate.
This is no time to blink. Many now see intellectual property (IP) as one of the most important corporate assets—worthy of protection, electronic and otherwise.
"Targeting of IP is increasing," says Gary Loveland, partner at PricewaterhouseCoopers. "We're seeing an evolution from a hacking perspective. Before, [breaking in] was just a trophy to show you could get access to the data. Then there was identity theft. Now, there's a focus on IP because of the profit motive." Accessing a company's proprietary information provides a quick path to stealing its business.
Download CSOonline's Ultimate Guide to Intellectual Property Protection for even more IP security practicals from CSOs and other experts [15 page PDF — free Insider registration is required]
Daily headlines detail attacks on corporate IP, especially when the assaults are launched from emerging economies such as China. For example, security software vendor Symantec recently announced its discovery that hackers had targeted the intellectual property of about 50 organizations, including chemical and defense companies, in a global wave of cyberespionage. These attacks were thought to be the work of a Chinese man. Symantec competitor McAfee also reported that it detected that 72 organizations had been subject to cyberattacks on IP last summer. Google disclosed its Aurora attacks in 2010. The Wall Street Journal recently reported that the Chamber of Commerce suffered a major theft of information, also believed to have been conducted by someone in China. The full extent of the damage from these incidents won't be understood for years, say experts.
But as scary as these stories are (and they are that, if you're paying attention), they shouldn't eclipse your concern over a host of more mundane but potentially equally damaging threats to your company's IP. The most common scenario, alas, is that an employee unwittingly shares a trade secret or a confidential idea, or that your business partner forgets about a nondisclosure agreement signed long ago. Social networks make this scenario exponentially more likely. The problem is, most companies have a broad range of information that can be considered intellectual property—though many have not taken the time to properly identify it all—and protecting all of it from myriad threats is a daunting prospect.