What’s yours is mine – Symantec study highlights intellectual property risks
Who owns what in the employee-employer relationship? It’s an interesting line within these relationships, where definitions, boundaries and ownership intersect. We’re talking about the information and intellectual property that an employee produces while working for an employer. In an era where there is so much fluidity of data, it’s a question that brings up other questions and technologies that can help. Still, technologies aside, there is a struggle and inherent challenge to be faced in this era of social media, mobile phones, tablets, BYOD and open source software. Companies have shown great concern over this as technological advances have made data more useful through mobility and rapid exchanges, but it’s also left the enterprise more vulnerable to data theft. Take a look at a recent case where the New York District Attorney has prosecuted several controversial cases of software source code theft in the past year, including a recent case, despite the fact that many of these software engineers believe they are doing nothing wrong. In the end, a company’s intellectual property is at risk, because protecting corporate data, especially when an employee leaves a company is as important to protect at that point in time as any other.
Study finds some big issues
Symantec put out a study called What’s Yours is Mine that discusses the data challenges that companies face. In a briefing with Robert Hamilton, Information Risk Management at Symantec, he discussed the biggest findings in this issue and some answers to how to make things much better. Among the most interesting points that came out of the study:
- 2 out 5 employees download work files to personally owned tablets or smartphones
- 2 out of 5 employees plan to use old company confidential information in their new jobs
- 56% of employees do not believe it is a crime to use a competitor’s trade secrets
- 68% say their company does not take steps to ensure employees do not use competitive information
Risk is the name of the game
Symantec has also produced an infographic that does a great job at illustrating the disconnect between employees and employers when it comes to who owns certain information. This also shows that the risk does not only fall on companies whose employees leave with their data; there is also legal risk to new companies who attract employees who bring their old company’s data with them.
Most security measures focus on the really obvious kind of threats, from outsiders – hackers, cybercriminals, but as the report shows, there is a significant risk from inside the very organization from employees, and this logically extends to threats from partners and even from clients. While companies can do a better job of educating their employees, they will not stop their employees from using mobile phones and tablets, mixing work with personal items or be able to educate certain disgruntled employees – known as Malicious Insiders – who wish to profit from their access to valuable and confidential corporate data. This compels companies to invest in new processes – better education, enforcing non-disclosure agreements and monitoring technology – to mitigate their risk. Changing attitudes about IP theft or loss can be difficult, but a proper approach involving those three tools is key to the best possible result, minimizing risks and securing sensitive information.
Training, NDAs, and DLPs – Oh my!
So that’s it – three familiar wheels – people, process, and technology. Training employees on how to protect information, and properly defining the employee responsibility, those are big pieces. Having proper and well-enforced policies like NDA’s reinforce these matters so that when an employee leaves, the definition of ownership of information is solid. Finally, the technology and there are a number of pieces to that. It wasn’t long ago that people were concerned about mobile drives, thumb drives, and CD burners. How we long for those simple days. Today we have cloud-based file sharing, many more people have laptops and tablets, we have smartphones and the list just keeps getting bigger. On the enterprise side, many organizations utlize DLP –or Data Loss Prevention technology. Basically, this type of tool monitors, detects and blocks sensitive data in various states throughout the corporate network. Whether data is at rest, in motion on the network or in use, DLP technologies are implemented around business-strategic events. For example, if there is reason to believe a group or particular employee may be leaving the company, it may make sense to log the information they access, copy, email and so on until they leave. If a particular group of engineers handle sensitive information or sensitive proprietary information that might be another case where enhanced protection is warranted. The possibilities are as endless as the variety of employee-employer scenarios that are further complicated by the data they handle, technologies they use, where and when they use it. In the end however, the first step is communication – tell your employees what your policy is and what you consider to be wrong.
A message from John Furrier, co-founder of SiliconANGLE:
Your vote of support is important to us and it helps us keep the content FREE.
One click below supports our mission to provide free, deep, and relevant content.
Join our community on YouTube
Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.
THANK YOU