Most conversations about cybersecurity are centered around data breaches and the potential damage that stolen data can do to a company. When hackers steal personal information about your customers or employees, the costs are certainly high, especially when you consider the fines and penalties associated with the breach, lost customers, and the damage to the company’s reputation. And because of the strict reporting laws regarding data breaches, we tend to hear more about these incidents than other types of cybersecurity breaches.
And unfortunately, other breaches, most notably the theft of intellectual property, can be even more devastating to a business. Up to 80 percent of a company’s value is in its IP, including products, designs, trade secrets, copyrighted data, and more; and if that property is stolen, the costs can be immeasurable. Stolen IP can obliterate any first-to-market advantage a company may have, for instance, or cause the loss of an entire product line or customers to a competitor.
The problem is, though, that many companies are so focused on protecting their company’s customer and financial data that they don’t fully understand the ramifications of IP theft, or take the necessary precautions to keep that data safe from hackers. Unlike in the past, when intellectual property theft was primarily a physical crime – that is, files, drives, disks, or even entire computers were stolen from a business – IP theft today is almost entirely electronic. It’s also a crime of opportunity in many cases. Although some cases of IP theft are aimed at a specific company, often it occurs as a secondary crime. When hackers gain access to a company network, they are often able to find intellectual property that’s worth big bucks on the black market.
The prevalence of IP theft makes it all the more shocking, then, that so many companies still don’t place the same priority on mobile security as other forms of cybersecurity. In the age of BYOD, unsecured devices can be a major contributor to IP theft, without anyone even realizing it.
The Risk to Mobile Devices
Imagine this scenario: One of your employees is out on the road, and decides to check work email while standing in line at a coffee shop. One of the emails is from a colleague, asking for some files related to a new product launch. Without a second thought, your employee accesses his cloud drive and sends off the files, all before his latte is ready.
From a productivity standpoint, this is beyond efficient. However, what your employee didn’t realize was that guy in the corner who looked like a local college student was actually a hacker, and he has spent the entire morning collecting passwords and other information from unsuspecting coffee shop customers using the free Wi-Fi – including your employee. Based on the intercepted transmissions, he now has access to your company network, and copies of your intellectual property, which he plans to try to sell to your competitor.
This is just one way that mobile devices can put your company’s IP at risk. Without adequate security in place, any time one of your employees uses his or her device outside of your private network, it could potentially expose your data to hackers. Even something as simple as a lost smartphone not secured by a lock screen could give a competitor or criminal access to your client lists, corporate network, or files stored on cloud services. And with the number of spear-phishing attacks on the rise, it’s very likely that your company’s devices could be targeted for the purpose of stealing IP.
Protecting Your Devices
Obviously, banning mobile devices from your organization and going back to paper only isn’t the best way to protect your company’s IP. However, you do need to employ a few key security tactics to keep that valuable information safe.
- Establish and maintain a mobile device management plan. Your IT department should be aware of which devices are being used on the network and can install and update security software, as well as remotely lock and wipe devices that have possibly been compromised.
- Install mobile security software to prevent malware and more.
- Acceptable use policies. Mobile devices that are used for work need to adhere to specific policies, including which apps can be downloaded and which security features must be enabled.
- BYOD devices must be locked and use password protection on all apps.
- Establishing a VPN. Employees should not use public or home Wi-Fi connections for work purposes, but rather log in via a secure VPN to keep hackers from monitoring their activities.
Keeping mobile devices safe is just one more layer of protection for your intellectual property. By keeping that information out of the wrong hands, you could save your business untold millions – or even ensure its very existence.