How can I best protect my organization’s intellectual property?
The next step in risk management is to determine the threat to your IP. The FBI can assist in identifying the foreign espionage threat and the specific tradecraft utilized to steal IP.
Tradecraft includes the recruitment of a trusted insider, cyber intrusions and covert measures cloaked as overt business transactions. The FBI’s Counterintelligence Division has a headquarters section and 56 field offices with Strategic Partnership Coordinators (SPCs) dedicated to assisting the private sector in identifying the threat to IP posed by foreign espionage. SPCs are able to provide CI Awareness briefings and CI Vulnerability Assessments to ensure companies have strong CI programs.
Maintaining “four-wall” security and information security (including “need-to-know” criteria), are other common basics. Otherwise, to commercialize IP requires that you share it with others. This includes people involved in legal, sourcing, marketing and sales. Legal should be at the forefront, controlling everyone’s use of IP by contracts that are strong, venue-specific and enforceable. Contracts also need to contain audit, compliance and penalty provisions.
Finally, you need a brand protection program designed around your budget and primary consuming and producing markets. You can’t protect the world, so you have to protect the most important parts of it.
There’s a saying within the operations security community: “If you don’t know what you’re trying to protect, how will you protect it?” In other words, if your employees don’t know what information is critical to your organization, they can’t be expected to know what they should protect, or how to do so.
Also, employees need to be trained to recognize and react to social engineering attempts, which are low-tech attempts to steal information by exploiting human nature. Once they can identify the critical information and understand the threats, all employees become part of your security team.
Leads received from industry are analyzed and vetted by agency partners, and reviewed for criminal investigation or interdiction activity, as appropriate.
Start by visiting our Website at www.ice.gov/pi/iprctr. There you will find contact information, and links for reporting an alleged IPR violation and to the IPR Center Report, a newsletter with information on enforcement activities and industry trends.
Next Month’s Question: How can I make a good business case for a proactive security project
Solutions Snapshot is presented by the Security Executive Council; visit the SEC website for more information about the organization.