Information Protection: Intellectual Property

“...Our future [is] disappearing in front of us.”

An incredibly sobering sentiment shared in 2012 by then Director of the National Security Administration and U.S. Cyber Command Chief, General Keith Alexander.  He contended that the loss of intellectual property through digital theft and cyber espionage constituted the "greatest transfer of wealth in history."

Nearly six years have passed and the cyber threat and its devastating cost to American businesses has remained; a digital dark forest we have yet to find our way out of, and there seems to be little clearing in sight.

In 2017's Update to the IP Commission Report, there is an estimate that the cost of counterfeit goods, pirated software, and theft of trade secrets exceeds $225 billion and could go as high as $600 billion annually.  This coincides with an estimate in November 2015 by the Office of the Director of National Intelligence that espionage predicated through hacking costs the U.S. $400 billion per year.  This threat represents no small consequence to U.S. businesses, but it's also not the end of the world as we know it.

It is vitally important that we not find ourselves in the stranglehold of a doomsday mentality.  Instead, we must maintain an honest and transparent view of both the current threat landscape as well as our overall approach to digital security.

Know your data.  What type of information does your company store digitally: personally identifiable information (PII), payroll and banking records, proprietary information or trade secrets?  How do you use it and who has or needs to have access to it?  Is it encrypted?  Is it kept in house, in the cloud, on employee devices?  For how long do you need to maintain it?  How is it backed up and where are those backups stored?  

Know your weaknesses.  Taking an inventory of your digital assets and how they are managed will uncover flaws.  There is often a disconnect between the way information should be used and stored, and how it is actually used and stored.  Periodic audits of company policies and procedures is a must.

Know your plan.  Every organization should have a cybersecurity framework in place for securing their operations, network and data contained therein.  Security is an all-hands on deck endeavor and should be treated as such.  Relegating cybersecurity to that of a simple IT matter often undercuts efforts made towards digital security.  Put time, energy and resources into training your staff to take seriously their role in protecting the company and its data from loss or attack.

Know what to do when everything goes wrong.  Plan for and practice your company's response to data breach.  Put together an Incident Response team that spends time preparing to handle an array of possible attack scenarios that your business is at increased risk for.  Know who to contact in law enforcement if you do suffer an attack. Practicing your responses will highlight areas of your plan that need attention and further strengthening before a situation actually occurs.

Because the problem of digital theft is so pervasive and the consequences so severe, we need to not only be aware of the danger, but prepared to protect ourselves and our businesses against it.  Make sure and register for the upcoming Microsoft Modern Office webcast, “Information Protection: Guarding Your Digital Assets”, here, where you will learn much more about the significant cost of cyber theft and what Microsoft and other industry leaders are doing to help companies stand ready and defended.

Effectively guarding our digital assets from the myriad of threats in today's world is essential and will continue to be a necessity as we ready our companies to compete and sustain in the future to come.  If we can do this, then the future will no longer be disappearing in front of us, but rather be ours for the making and no one else's for the taking.

Disclosure: this is a Microsoft-sponsored brand post.