Is your IP walking out the door when employees leave?

April 21, 2010

The CEO of an internet marketing company recently called me with an urgent concern. An employee defected to a competitor and he was suspicious about the theft of valuable intellectual property. The company has a large software development staff and has developed significant proprietary IP.

We checked email logs and discovered that a number of email messages with large attachments were sent by this employee just prior to giving notice. However, the employee had deleted the email messages just after sending them. By the time the system was backed up in the evening there was no record of the email details. The company was left without proof that IP was stolen, but it sure looked suspicious. It also became clear that employees knew how to cover their tracks and send information out of the company without getting caught.

It occurred to me that this must be happening all the time, especially now that employee turnover is rising with the recovering economy. What can companies do to protect themselves from this mis-use of IP?

We made the company aware of cost-effective solutions they could put in place quickly to address these concerns.

  • Email archiving – copies of all messages are kept off site for an extended period – these are streamed to an archive, rather than just having a daily snapshot taken with the backup system.
  • Data Leakage Protection – This is a low cost way to encrypt specified directories and prevent IP from being sent out via email, FTP, or memory sticks without explicit permission. An audit trail of all activity on these files is kept.
  • Directory permissions – employees are given access to information on a need-to-know basis. Group directory policies are clear and automatically enforced by role.
  • Security Policies
    • Password policies – no security policy will work if passwords are shared between people freely or if they are easy to guess.
    • Confidential information policies – employees need to know what is confidential and what the company expects. Lawyers often say that courts will not protect your rights if you have not taken reasonable efforts to do it yourself.
    • IP tracking policies – All new and existing sensitive content is marked as such and subject to encryption and special tracking rules by the security system.
  • Employee Communication – Employees are made aware of company policies and that measures have been put in place to prevent unauthorized copying or sending of IP. They also know that all activities related to these files are tracked, keeping honest people honest.

Management now knows that reasonable efforts have been put in place to safeguard their IP. They have peace of mind knowing that disgruntled employees are restricted from misusing company information and that employees cannot accidentally violate these policies.

If you’ve found interesting solutions to security concerns we’d love to hear from you. We are always looking for cost-effective solutions for our clients.

Advertisement
Posted by Mark Richards
Filed in Uncategorized
Leave a Comment »

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Cancel

Connecting to %s

Follow

Get every new post delivered to your Inbox.