MBA Research

Trend #32: Intellectual Property

As technology continues to evolve and play a primary role in business, cyber-crime will continue to pose threats to the safety of intellectual property and other data housed online. The global data-breach cost is projected to be more than $2 trillion by 2019. This month’s Action Brief examines the threats to intellectual property as businesses maximize the value of sharing information online while minimizing intellectual property risks and losses.

Workplace Implications

Cyber-attacks can be very sophisticated, reaping huge financial rewards for the perpetrators and potentially bringing businesses to a standstill. But, damage can also be done unwittingly by careless employees or by a single person with a grudge. Organizations must prepare an offense that puts them in a position to minimize the destruction from either type of attack. 

Cyber-attacks from outside the United States are pervasive and costly. Executives across our nation are pushing the government to be more proactive in working specifically with China to minimize those data breaches. Most likely, every major U.S. company has had its online information pilfered by Chinese hackers. 

On the flipside, American and European officials recently agreed on a new transatlantic data transfer deal. The EU-US Privacy Shield will govern access to people’s digital data as the data move back and forth across the Atlantic. European Work Counsels are also strengthening security measures around employee personal identifiable information coming into the United States in response to less rigid privacy protections in the U.S. 

Ransomware is the latest emerging cyber-threat that businesses are encountering. Attackers hijack company online information until a specified amount (i.e., the ransom) is paid to release the data. A southern California hospital recently paid $17K in bit coins to regain its patient information. Although its records were released to them, there’s no guarantee that businesses will get their data back-- even when they pay the ransom. 

Not all cyber-crimes are committed behind closed shades. Some companies utilize competitive intelligence in the field to track employees of rival companies to gain information by swiping a cell phone or by gaining visual access to a laptop screen. Many businesses now prohibit smart phone photographs of white boards containing company information out of fear that the photographed information will be stolen by a competitor. 

A disgruntled CTO has admitted to sabotaging his former company’s business portal, bringing operations to a standstill and effectively shutting down the business. He was upset with the founder/CEO’s decision to decline a purchase offer that would have benefited the CTO. The founder used his 401k and his children’s college funds to rebuild the business from scratch. 

The music and motion picture industries are working to harness online piracy. Since there may be no way to completely stop illegal downloading, some industry representatives are trying to find ways to capitalize on the growth in popularity potentially created by free access to creative works.

Besides tightening security, some companies are taking a vigilante approach to cyber-thieves by attempting to steal their information back from perpetrators. Some companies use a “honeypot” approach, planting enticing documents on their servers that, when opened, will provide a trail for identification of the hacker. One approach even activates the computer camera of the thief to enable exact identification. 

Best practices for the prevention of threats to intellectual property include: 

  • A dedicated information security team who works company-wide to implement a comprehensive data protection plan
  • Frequent enterprise-wide assessment 
  • Security awareness training for employees
  • Strict password and system access policies
  • Layered defenses against remote attacks
  • Open communication throughout the company regarding real or perceived threats to data
  • Secure backup and recovery processes
  • Refrain from using flash drives to transport data

 

Classroom Implications

Work with students in the cyber-security area can begin with a self-evaluation of their own online security risks. Scanning their personal social media pages and social media circles to identify potential risks is a good place to start. Pinpointing risks on a personal level can then feed into thinking about the hindrance of attacks on a larger scale. Students should also be safeguarding their data by keeping their personal devices (e.g., phones, iPads) secure at all times. They should follow industry recommendations for password protection on these devices.  

As a group, students could also study examples of data breaches on a larger scale, identify the consequences, and discuss how the attacks could have been prevented. Following a news story of a data leak or breach over a several months will help sensitize students to the fall-outs of a cyber-attack. Examining different types of positions within a company and how people in those positions may present risks to a company can also be eye-opening. 

A good case study in this area can be found here.