Protecting Your Intellectual Property

Protecting Your
(Intellectual) Property
IntroductionA popular TV ad tagline asks, "What's in your wallet?" For today's businesses, a more important question is, "What's on your network?"
Data is the lifeblood of every company, and often, it's the only thing that differentiates one organi-zation from another. Who has the most loyal customers, the best service, and the most innovative strategies all boils down to information residing on the company's IT systems.
For companies that deal with product designs and prototypes, it's easy to understand how closely their information must be guarded. Strategic plans, corporate roadmaps, and notes from a brain-storming session could also be valuable to competitors. Personal information-of employees and customers-can be used for identity theft and other types of fraud, if it falls into the wrong hands.
The problem is, many companies devote resources to IT security assuming that the thieves and threats are on the outside, attempting to gain access to the network via malware and hack attempts. They ensure anti-malware and intrusion detection/prevention systems are in place, and restrict network access.
What happens, however, when the internal worker becomes the threat? In this white paper, we'll dis-cuss the growing threat of insider data theft, the extent to which most companies are vulnerable, and how McAfee security products enable businesses to protect their most valuable asset-their data.
Discover and LearnFind all your sensitive datawherever it may be
Assess RiskEnsure secure data handlingproccedures are in place
Define Effective PoliciesCreate policies to protect data andtest them for effectiveness
Apply ControlsRestrict access to authorizedpeople and limit transistion
Monitor, Report and AuditEnsure successful data securitythrough alerting and incidentSponsored by management
The enemy is usEvery employee that uses e-mail and the Internet may become a leak, either purposely or-more commonly- inadvertently. A worker who was passed up for a raise or laid off may, in a fit of anger, share some embarrassing information with the press or forward sensitive plans to a competitor.Even instant messaging exchanges can be used to sneak files or secrets to outsiders. Employees of-ten retain their "buddy lists" as they move from one department to another, or from one employer to the next. Colleagues who IM one another every day could be working for competing firms, and a careless response to "what are you working on lately?" can be disastrous.In addition, many hack attempts use social engineering to infiltrate corporate networks. An e-mail that seems to be from your IT admin and requests your login info seems harmless enough, until the hacker at the other end gains entry. The issue is one of education and awareness, and unsuspecting employees become, in essence, potential threats.Another problem is that employees themselves may not take "safe data handling" practices to heart. They'll copy work files onto USB drives or portable hard drives, or even e-mail them to their personal accounts for retrieval from home. This sort of routine activity can place sensitive data at risk, espe-cially considering how easy it is for a small USB key, a smart phone, or a laptop to be misplaced or stolen.These worst-case scenarios aren't just the product of an IT director's overactive imagination. They're all too real, and they're happening with increasing frequency, as evidenced below:. In August 2008, software firm Cyber-Ark conducted a survey of 300 IT professionals. An alarm-ing 88 percent said that if they were laid off tomorrow, they would take valuable and sensitive company information with them. Examples included CEO passwords, customer databases, R&D plans, financial reports, M&A plans, and most importantly, lists of privileged passwords. With layoffs becoming a regular occurrence in companies of every size, across every industry, this is a serious threat.. A February 2009 Ponemon Institute study confirms this. Nearly 60 percent of 945 individuals surveyed admitted to taking company information when leaving their jobs. . A May 2009 "Security Watch" feature in eWEEK magazine cites a Deloitte research study, in which 41 percent of 200 IT workers surveyed admit that they've experienced at least one insider security breach in the last 12 months. In the same study, only 28 percent said their organiza-tions were "ver... [download for more]