Your IP is data in the form of customer records, business innovation tools and processes, and any information that could put your business at risk if not secured. Let’s look at the three security fronts that need your attention to prevent IP loss:
Having important data in Excel Spreadsheets or a business system often means that almost anyone internally can access it - and there are little to no security measures in place to prevent them from doing so.
This can make it simple to copy, print and email important customer information to anyone, both internally and externally. Not only are you at risk of losing valuable client information if an employee moves on from your organisation, but the risks to customer privacy are incredibly high. Under new regulations, data breaches must be reported or there are major consequences.
Using simple features such as passwords on spreadsheets or implementing user access control to regulate who has access to sensitive data is a commonly used feature in modern systems today. With this type of role-based security you can also control what people can do with files or system data and limit the copying, sharing, editing or creation of customer data records.
These can help limit the ability to share valuable IP – but is not completely secure. Extra measures should be taken including regularly auditing access and user actions, segmenting your data so only the relevant teams can work with it, or preventing bulk exports to safeguard your customer data.
Most organisations today have some form of cyber security training, but not all. If companies do have it, it’s often a “once-and-done" exercise at the start of an employee’s tenure, which is easily forgotten as time goes by.
This isn’t enough, when you consider that 95% of cybersecurity breaches are due to human error. The best prevention method is an ‘always on’ approach to employee training. Your employees are your first line of defence in protecting your IP so you must ensure that staff complete their initial training and undertake refresher courses every year to keep up to date with the latest threats, red flags to look for, defensive procedures and threat reaction plans.
Through the media we are increasingly aware of the cost of cyber hacks, phishing attacks and identity theft, yet there’s still a common attitude of “this won’t happen in our backyard”. Yes, security defence systems, IT protocols and firewalls will help prevent many dangers. However, without having an embedded culture of cyber security awareness, the systems and preventative measures you have put in place as an organisation will mean nothing.
The most common security threats include scammers impersonating a business you may be familiar with or have worked with in the past, fraudulent emails as well as viruses, malware and ransomware. Hackers and spammers have got more and more sophisticated, to the extent that sometimes it’s hard to tell a phishing email from the real thing.
That’s bad enough, but have you considered the threat of your data walking out of the building in the hands of an unhappy employee or when someone leaves the company? A recent survey by IT services company Accenture found that data theft by employees affects 69% of businesses.
That’s why internal use controls (Front 1) and employee awareness (Front 2) are only two parts of the security puzzle. The last piece is your overall system security. In today’s modern way of working, with remote mobile working and BYO devices, this is crucial.
Your technology team need to be able to closely manage, monitor (and quarantine if necessary) every device with access to your networks and data. Cyberthreat and data protection tools need to be built-in and the threat defences constantly updated. Cloud backups are also essential today, to restore data and systems if the unthinkable occurs.
This may sound a bit paranoid, but to keep your customer data secure these measures should be standard issue. Modern IT infrastructures should have this functionality baked in to protect your IP and the applications that hold your data. For example, a secure CRM system with the correct user permissions and security settings in place, backed up by software that protects against fraudulent network access through user devices.