Skip to main content

IP Theft Prevention: Beyond Just Technology

November 12, 2012

News headlines about credit card numbers being stolen and other successful security attacks on intellectual property (IP) during the last decade have raised awareness in these kinds of threats. Although many companies still intuitively want to keep major security incidents from public view, they are now much more open to communicating details of the attacks because of legal obligations to regulators and their customers.

Another result of these incidents is that more companies are taking a harder look at their security postures and preventive measures. It’s not enough to buy off-the-shelf technology solutions. Processes and the fine-tuning of technologies also play a critical role in minimizing IP theft at companies of all sizes.

After working with small, medium and large companies from around the globe on IP attacks after they happen, we know that such attacks most commonly come from current or former employees. How does a company prevent such occurrences within their own walls – and what can it do to prevent threats from the outside?

While there’s not a single tool that will ensure IP theft won’t occur, there are resources and tools that can mitigate these risks. It’s best to take a multi-level approach with the following directives in place to help prevent IP theft:

Merge Good Technology with Good Overarching Security Policies – The most robust programs to prevent theft reach into every part of the company and include policies and technologies that complement each other. Technology alone is not enough to mitigate the risks.

Create and Communicate – You can have the best security technologies at your fingertips, but without policies that guard against IP theft properly communicated, these technologies are meaningless. Generously promote security policies to your employees. Messages about ensuring strong password sets and resets at regular intervals and promoting security awareness training to employees as soon as they’re hired are two examples.

Build Protective Architectures Conducive to Business – It’s possible that security policies and processes are so strict that they impair a company’s ability to do business. Not every bit of data needs to be encrypted or kept in front of a firewall. Companies need to decide what information is proprietary and what isn’t early in the security assessment process. You don’t want security to suffocate your business needlessly. Experts can help you prioritize where you need security and where you don’t.

Customize Security Solutions – Companies should tailor the various technologies to their own particular businesses. It’s not “one size fits all.” For example, some software can be customized to prevent copying information on a USB drive or CD.

Monitor Internal Traffic Trends – The auditing of large file transfers or related activity should be part of your strategy to prevent IP theft. For instance, a slew of software or file transfers or deletions from a workstation or server, or other unusual internal business activity should raise red flags as an incident to analyze and audit. It’s good to have a baseline to start from and for all network anomalies in the baseline – internally and externally – to be detected and flagged.

Consider DLP Technologies – Are you preventing the loss of sensitive files from inadvertent actions and malicious intent? If not, there are Data Loss Prevention (DLP) technologies that protect “data at rest” and “data in motion.” These systems are designed for deep content inspection to detect and prevent unauthorized transmission of confidential information. A sound DLP solution in its elementary form includes a system that performs fingerprinting and heuristics (experience-based techniques) to identify and tag the data that’s being monitored for unauthorized access and transmission. A robust DLP program includes a DLP assessment that entails data classification and lifecycle analysis in conjunction with DLP systems in place to prevent a DLP incident.

Perform Network Security Assessments – It’s good to step back and make sure that all security technologies on a network are working in tandem with each other to form an effective defense to attacks. Assessments are needed to identify any security gaps from a holistic standpoint. You should ask, “Where is critical data located and how is that data secure?” A robust and secure network is always proportional to an efficient network with managed risks.

Be Prepared for Incident Response – Install proper incident response and related forensic investigation policies so people are not at a disadvantage when a security breach occurs. They need to know exactly which experts to alert to begin an investigation and all the appropriate actions that need to be coordinated with the proper resources – whether that be inside or outside the company. Outside security experts can often collect forensic information with special tools that holds up to legal scrutiny, which can be advantageous in today’s litigious world.

The risks of IP theft are dynamically changing with ever-evolving networks. These risks can be proactively managed and the threat of IP theft remarkably lowered by preemptively engineering solutions that cater to a robust network security program. This includes building an intelligent camaraderie between people, process and technologies.

Related Blogs

December 01, 2011

Securing Network Architecture - Part 1 | Optiv

Today, securing a network cannot be fully accomplished with just a product or a solution. Rather, an in-depth holistic approach is required to protect...

See Details

December 01, 2011

Securing Network Architecture - Part 2 | Optiv

The methodology of securing any network architecture should include, but not be limited to, the network topology, security assets, device features and...

See Details

April 18, 2018

Testing Password Reset Token Predictability with the Reset-A-Tron Burp Extension

Most web applications provide a 'forgot my password' feature where a recovery or reset token is delivered to the associated account email address. Usu...

See Details

How Can We Help?

Let us know what you need, and we will have an Optiv professional contact you shortly.

Privacy Policy

Stay in the Know

For all the latest cybersecurity and Optiv news, subscribe to our blog and connect with us on Social.


Join our Email List

We take your privacy seriously and promise never to share your email with anyone.

Stay Connected

Find cybersecurity Events in your area.