The Loss of Intellectual Property in the Digital Age: What Companies Can Do to Protect Themselves
Christopher Kranich
The Digital Revolution
• People are now more connected
– More information in less time
– More often
– Greater distances
– Many security challenges for business
Cyber-based Threats to IP
• Sources evolving and growing rapidly
– Competitors
– Malicious employees
– Well intentioned employees
– Criminal groups
– Hacktivists
– Foreign governments
IP is Valuable
• Cost to design new projects or services
– Engineers
– Designers
• Cost to manufacture
– Proprietary processes
– Material sourcing
– Pricing information
• Marketing costs
New Work Locations
• From home
• On the road
• Businesses/public places
• Security
– More chances for deletion, theft or compromise
• WiFi networks
• Device theft or damage
• Over the Shoulder
• Co-mingling of the personal and the private
Types of Devices
• Laptops
• Theft, Over-the-shoulder, WiFi
• Smart Phones
• Theft, WiFi, unpatched
• Tablets
• Theft, WiFi, unpatched
• Desktops
• Not updated, no virus protections
More Data
• Large capacity
• Smaller storage medium
• Cheap
• More cloud-based storage
• User can download a large amount of IP quickly
• Malicious or innocent intentions
Reasons IP is Compromised
• Innocent Reasons
– Work outside of office
– Curiosity
– Recovered IP
• Malicious Reasons
– Do not like job
– Sell IP for profit
– Hacktivism
– For fun
Employee Views of IP
• Attribute ownership to the person who
created it
• Cheap, easily moved, copied, and manipulated
• Okay to take with them to their next job
Symantec Report
VW vs. GM
• Executives took 1000’s of pages
• Photocopied in physical form
– Secretary
– Other Witnesses
• Carried out in boxes or briefcases
• Lots of witnesses to IP removal
• 100 million Dollar settlement
Starwood vs. Hilton
• Over 100,000 files stolen
– Starwood luxury concept
• Hilton came up with their own version
– Board presentations
– Market research studies
– Valued at 1 million Dollars
• Downloaded to laptop
– Easy to steal data
– Quick, behind closed doors, portable
What Companies Can Do To Protect Themselves
Encrypt Data
• VPN
• Full-disk encryption
• USB sticks
• Emails and attachments
Mobile Device Management
• Common for employees to bring their own
device (BYOD)
• Poses many security challenges
– Corporate data vulnerable to theft, damage, or
deletion
– Hard to keep track of
– Corporate data and personal data on same device
Software Solutions
• MobileNow
• MobileIron
• Zenprise
• IBM
• Symantec
• Airwatch
Customizable Device Policies
• Control which device features and built-in
apps can be used
• Specify what the authentication requirements
are
• Apply specific policy sets to specific groups of
users
– Time, roles, types of data, location
Jailbroken or Rooted Devices
• Pose a big security risk
– Unstable or not updated
• Detect these devices
• Enforce greater controls for them
– Lock or wipe
– Ban from network
– Approved apps
– VPN
– Device kept up-to-date
Centralized Updating
• Update OS and apps remotely
– Convenient and easy
• All devices patched at the same time
– All devices on same footing
– Eliminates specific vulnerabilities
Applications
• App blacklisting
• Block and revoke any apps from any user
• Track usage
• App-to-app encryption
Email Features
• Ability to encrypt attachments
• Prevent unauthorized copying and forwarding
• Restrict sharing of attachments to certain apps
• Specify attachment file types to encrypt
Data Storage
• Store all data in a home directory
– Persistent and centralized location
– Easy to set up automatic backups
– Easy to selectively distribute data
– Easy to track data and wipe if necessary
– Can have multiple clients
• Different platforms accessing the same directory
Data Access Restrictions
• Geofencing
– Data only accessible in certain locations
– Prevents data from being accessed off site or an
area of the office
• Time-Based
– Data only accessible at certain times
• When employees are working
• When a project is active
Remote Lock, Locate, and Wipe
• Lost or stolen
• Infected with malware
• User leaves company
Data Leakage Prevention
• Deep content inspection
• Reads data to find high value IP
• Does not prevent attacks
• Limits accidental deletion or moving
Data Leakage Prevention
• System figures out sensitive data on its own
• Logs moving, copying, and deleting
• Prevents user from emailing data out by
making it read only
• Requires fine tuning
Attribute-Based Access Control
• Grants access based on attributes
– Location
– Authentication method
– Deviation from the norm
– Type of data
– Time of access
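An added example, not part of the original slides: a small attribute-based access decision in Python that checks the five attributes listed above, with the location and time checks doing the job of the geofencing and time-based restrictions from the Data Access Restrictions slide. The office coordinates, geofence radius, working hours, per-user baseline and the names Request and evaluate are all constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, time
from math import radians, sin, cos, asin, sqrt

@dataclass(frozen=True)
class Request:
    user: str
    data_class: str    # type of data, e.g. "public" or "design-ip"
    auth_method: str   # "password" or "mfa"
    lat: float         # where the device reports it is
    lon: float
    when: datetime     # time of access
    files_today: int   # files this user has already pulled today

# Constructed policy values (assumptions for illustration only).
OFFICE = (40.7128, -74.0060)
GEOFENCE_KM = 0.5
WORK_HOURS = (time(8, 0), time(18, 0))
BASELINE_FILES_PER_DAY = {"alice": 20}   # normal daily volume per user
DEVIATION_FACTOR = 5                     # how far above normal is tolerated

def distance_km(a, b):
    """Great-circle (haversine) distance between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(radians, (*a, *b))
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))

def evaluate(req):
    """Return (allowed, reasons); every failed attribute is reported for logging."""
    if req.data_class == "public":       # type of data: public needs no checks
        return True, []
    reasons = []
    if distance_km((req.lat, req.lon), OFFICE) > GEOFENCE_KM:
        reasons.append("location")
    if req.auth_method != "mfa":
        reasons.append("authentication method")
    if not (WORK_HOURS[0] <= req.when.time() <= WORK_HOURS[1]):
        reasons.append("time of access")
    # Users with no recorded baseline get 0, so any prior volume counts as abnormal.
    baseline = BASELINE_FILES_PER_DAY.get(req.user, 0)
    if req.files_today > baseline * DEVIATION_FACTOR:
        reasons.append("deviation from the norm")
    return not reasons, reasons
```

Returning every failed attribute rather than stopping at the first gives the logging and alerting side a complete record of why a request was refused.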
Cloud Storage Solutions
• Data integrity
• Access is controlled
• Data must be available when needed
Cloud Storage Solutions
• Policy for backing up data
• Data is encrypted in storage
• Data is sent to facility securely
• Data is backed up regularly
• Data is kept in multiple locations
Employee Training
• Protect credentials
• Good passwords or passphrases
• Social engineering
• Alerting IT
Basic Security Principles
• Log activities
• Set up alerts
• Use an IDS
• Set up firewalls on internet connections
• Control physical access
Basic Security Principles
• Set up user accounts
• Give users their own account
• Provide the minimum amount of access
needed
Questions and Comments
