In the US, a non-profit tech-consortium has recently outlined some advised best practices that companies should ideally follow in order to protect their digital IP.
To safeguard data, e.g. Intellectual Property, companies should follow a number of well-defined steps that have been formulated to give users better visibility of data & make it more difficult for ‘bad players’ to access it & steal it.
A California-based non-profit that is a strong advocate for IP protection circulated a list of the best practices for protecting digital IP this week. This group, called the ‘Alliance for Gray Market & Counterfeit Abatement’, or AGMA, just this Tues. published this list of IP protection essentials:-
Says AGMA, best practices must include:
- Access Control Policies and Procedures
The organisation makes the point that maintaining ‘uncontrolled or poorly controlled access to data & business systems can lead to organisations finding themselves very exposed to risk. “Ensuring a comprehensive access review of all applicable systems is imperative to identifying access risks,”
Their guidance quotes, “This should include appropriately restricting access & ongoing reviews of access levels. A sound access control policy should outline the controls placed on both direct & remote access to computer systems to protect networks & data.”
- Event Logging
The best practices mean event logging & visibility in order to understand what is actually happening within the company environment. AGMA is advising organisations to ‘log & retain comprehensive records of events’, when they have occurred, where, the source of the event, the outcome, & also the identity of any individuals linked to the event.
- Monitoring and Reporting
AGMA states that ‘appropriate’ data analytics should be used to check & to identify trends for any transactions that are outside of ‘the norms’ or usual expectations. “Any unauthorised use should be reported to the appropriate parties, & enforcement actions should start immediately.”
- User Awareness and Training
Information Security awareness training is another weapon companies should use in their struggle against IP theft. “Ensuring that users are made aware of the ways in which they might unintentionally expose IP is of extreme importance.”
- Security by Design
Advised also is ‘Security by Design.’ “Planning & policies for building security up ‘front’ (vs. after the fact) should be implemented & adhered to, as it is much more expensive to add security later than it is to design it in right from the start. Security capabilities should be proactively included within applications, programs & infrastructures.”
- Continuous Improvement
“Securing digital IP is not a ‘once & done’ process. Monitoring information security best practices, performing risk reviews, & scaling security policies & controls continuously is needed to keep ahead of emerging threats,”
AGMA observed, adding too also that companies should create, ‘a culture & introduce processes that prioritise adding ‘periodic’ security improvements.’
Whilst applying AGMA’s guides is not compulsory in the US, these steps may well help a business to prevent IP theft. AGMA is also encouraging companies to ensure they comply with standards such as HIPAA, NIST, GDPR, & any standards via the International Standards Organization (ISO) that may apply, if they are not already doing this.
AGMA was created by Hewlett-Packard & Cisco Systems in 2001 & defines itself as the ‘largest group dedicated to protecting intellectual property in the high-tech industry.’
The current American administration has taken steps to promote & protect Intellectual Property, but it is still reported that IP theft continues to be common in the US.
Says a CNBC survey last year, 1 in 5 corporations (20%) suggest that companies in China have stolen their IP within the last 12 months.
Other reports claim that China is responsible for over half a trillion dollars a year of IP theft in the US. Another quoted report, published in 2017 by the National Bureau of Asian Research, observes “that the annual cost to the US economy continues to exceed $225 billion in counterfeit goods, pirated software, and theft of trade secrets and could be as high as $600 billion.
US Chamber of Commerce
”These quoted figures correspond with stats via the US Chamber of Commerce, who estimate that IP theft costs US domestic companies between $200-$250 billion a year in lost revenue.