Global fraud reports frequently detail pharmaceutical intellectual property (IP) theft, and 2016 will be no different. In fact, 69 percent of the companies that were surveyed for a report in 2015 by Kroll, Inc. admitted fraudulent activity on servers and databases, with 13 percent of those specific to IP theft. Further, in January this year Financial Times reported a conspiracy where two GlaxoSmithKline scientists were charged with theft of trade secrets sold to China for billions of dollars.
Using a brand new type of firewall or changing the way your network is set up is important and will take some time to implement. However, there are a few things that companies can do immediately to combat IP theft.
Here are some ways you can decrease the risks of IP theft without adding many new tools or procedures:
1. Establish baseline metrics
Use analytics tools to understand what typical usage looks like on your network so you can identify outlying behaviors and create alerts around this activity.
2. Set up an IT employee exit checklist
When employees leave, make sure logins and access to all programs are removed. This can seem daunting to do every time someone leaves, but it’s important in preventing unwanted access. Don’t be afraid to consult an employee exit checklist to help you remember.
3. Educate employees about internet risks
According to cybersecurity book Easy Prey, 45 percent of employers don’t provide internet safety training to their employees. Check out resources on common cybersecurity issues like social engineering attacks and ransomware to educate employees.
4. Create usage and internet policies
Each department should not have a different security policy. Assign one person to oversee security policies and contracts. It could be HR, a CSO, or a CIO, as long as employees know where to turn for security policies and issues.
5. Setup remote access policies and education
When working from home, employees can get a little lax on security. Educate remote employees about what they can and cannot do from their home or makeshift on-the-road offices.
6. Device upload and download procedures
Malware that can capture credentials or share IP is easily downloaded. Create procedures to ensure that devices connected to the network are required to get explicit permission from the user or administrator to download or install.
7. Backup anything important
Whether it’s a company blog or a tiny dataset, if it has any value to your organization, it’s worth backing up and ensuring those backups work.
8. Double check access permissions
In larger networks, it’s easy for users to slip through the cracks and have access to areas they shouldn’t. Granular and regularly updated user permissions go a long way in protecting data.
Not all of these suggestions are technical, so they may be easier to implement by non-tech staff, resulting in a higher adoption rate. If you are concerned about the cost of the technical suggestions, don’t buy what you don’t need. Instead, make sure you choose tools that employees will use (i.e., something as close to their typical work routine as possible) and ones that provide oversight of activity for IT. Auditing and analytics in some file governance platforms enable direct oversight anytime files or important data points are moved or removed from the database.
To learn more about SmartFile, go to: www.smartfile.com.