August 2013: Has your company let its guard down regarding its classified information? Does everyone have access to almost everything, except maybe financial and human resources files? Could some team members be confused about what’s yours and what’s theirs?
If so, it’s time to leap into action and monitor your intellectual property (IP) — your business assets could be on the line! Here are the five steps to protect what’s yours:
Step 1: Map your data
Get your leadership to identify the types of information on your network, the value of each and the risk your business could face if each type is lost or stolen. This will help you see where to spend most of your effort. Also answer questions like these:
- Which items do we want to visibly label as confidential? Password protected? Encrypted?
- How do we want our team to move data around? (e.g., is it OK to use USB flash drives? Dropbox? Gmail?)
- Is it OK to print out and walk around with certain documents?
- Do we need to reserve the right to search for our proprietary data on our employees’ devices that connect to our network?
- Do we need to have an IP training session for our team?
Step 2: Update (or create) your IP policy
Write up the results from your mapping exercise and figure out what happens if/when the rules are violated. Then get everyone to read and sign the policy. You’ll want to repeat steps 1 and 2 each year, and update your policy on an ad hoc basis, if needed.
Step 3: Monitor your data
This is your IT department’s job. When you have a policy in place and have given IT the tools needed to implement it, they know what to look for and what to report.
Step 4: Enforce the policy
This is your HR department’s job. Without enforcement, it’s like not having a policy.
Step 5: Test yourself
Put on a dark trench coat and fedora to secretly meet a “penetration tester” in an undisclosed location. Just kidding. You don’t need the fedora. But you do need to hire a third-party tech expert to try to steal your data. If you don’t pass the penetration test (or security audit), it’s OK. You know what to fix based on the report. And you may be OK not fixing some obscure vulnerabilities. And if you do pass with no critical or major gaps, congratulations! You have greatly increased the odds of your data staying exactly where it belongs — in your own pond.
The next step? Cyber security insurance, which may be a more cost-effective solution than fixing every minor security issue. Look for next month’s FrogTalk!