Any chain is as weak as its weakest link.
We all know this sometimes overused phrase, which, unsurprisingly, proves to be correct every time in the domain of information security.
When it comes to defending a company’s intellectual property (IP), a risk assessment is in order. I know it sounds tedious and boring; however, a well-executed risk assessment of the intellectual property assets will bring a wealth of information.
For example, during the information-gathering phase, a company would document where the IP is located and what processes touch and manipulate it. Still, the most important part of this phase is to document which third parties have access to the IP.
In this well-connected age, it is very rare that the IP is solely accessed by the employees of the company. On the contrary, the sensitive information is frequently shared with trusted partners (individuals or companies).
Consider these as links in your security chain.
Your company may have excellent security controls, both administrative and technological, to protect access to the IP from within your company.
However, as soon as the IP leaves your organisation, your controls no longer apply. For example, a technology company may use regional marketing agencies to prepare marketing materials in advance of a public launch. These companies are typically small and may not have the resources to invest in the same level of security controls.
If the risk assessment discovers that your partners increase the risk of IP leakage, then the risk treatment could mean either finding another partner or investing time and resources to advance the security controls in the entire process, i.e. including the partner’s controls.
Talk to the companies in question and help them improve their security policy and awareness, or even invest in the same security technologies that you are using.
You will find that a small investment in time and money goes a long way in protecting your valuable IP.
A closing point: use this exercise as a way to learn your business inside out. Working with managers who deal with external partners is an excellent way to show off your interpersonal skills and your drive to make positive change, and to shrug off the negative perception some business managers have of security professionals.
Vladimir Jirasek is managing director at Jirasek Consulting Services