We work closely with your staff to design a system of readily understood, integrated and adaptable activities that produce ongoing, consistent results.
It is not uncommon today to find that individuals involved in compromising a company’s intellectual property (IP) are a combination of current or former employees, competitors, trusted customers, distributors or vendors. For this reason, the security equation must encompass issues of management structure, operational security and cyber security.
Protecting your IP requires the creation of an IP protection system—a set of readily understood, integrated, adaptable activities that produce ongoing, consistent results.
Based on our work with clients in diverse industries, we have created a time-tested, field-proven process for effective IP protection systems.
Steps to Securing IP Necessitates the Following:
- Management structure to ensure your IP security plan supports continued oversight of any protection measures that are implemented;
- Operational security, from procedures for handling information to reviewing existing hiring and departure policies for employees, as well as background screening on vendors and third parties; and
- Cyber security to prevent network intrusion, ensure mobile device security and remote access security, and more.
Based on our findings, we work closely with your staff to design an IP protection system customized for your situation. This includes drafting processes, policies and procedures for compliance, as well as a crisis management plan to put into action if a breach is suspected. The most difficult part of a sustainable, effective and efficient IP protection system is the implementation. This phase is also where we help you fill the gaps in your current level of IP security, with our new recommendations.
We can also put in place measures to identify possible leaks of confidential R&D or product information by conducting daily monitoring of social media, blogs, academia and legal reports. This will provide you with timely warnings if there has been a potential compromise of your trade secrets.
Case Study – Securing Intellectual Property of Leading Manufacturer
Kroll was engaged by a leading manufacturer of technology accessories with significant amounts of highly sought-after partner intellectual property (IP) across their design and manufacturing sites.
This client had operations in the U.S. and China with significant storage of pre-release IP across all these locations. In addition, the client shares this pre-release IP information with numerous partners with minimal contractual requirements regarding the protection the IP data.
The client had been through two high-profile losses of client IP and needed a complete review of current protocols and technology so that recommendations could be made and a new program developed.
Kroll’s role involved creating an approach blending assessment of physical security with a parallel cyber security review, leading to multiple physical security activities, which included:
- Developing vulnerability lists based upon current threats to loss
- Assessing physical controls in place to protect partner IP
- Assessing how those controls were functioning in the day-to-day work environment
- Reviewing the historical releases of partner IP to determine how vulnerabilities were exploited
- Reviewing contractual agreements with suppliers to determine what protections could be added
- Assessing the physical security of the sites, including video surveillance, monitoring, alarms, access control, guard force operations and management
- Interviewing key staff to identify likely methods of loss or theft and any suspicions they had on any potential suspects
- Reviewing the transfer of IP assets between locations
- Reviewing all partner-required asset protection measures to determine if the measures are being met by current deployment
- Reviewing the physical storage library for IP devices, the protocols in place for removing the devices from storage and the protection of devices while outside of said storage
- The overall program and the enforcement of the program were found not to meet industry standards.
Based on assessment of the sites, we recommended enhancements to various parts of the client’s physical security infrastructure and the operational program to ensure that the use, availability and storage of physical IP could be ensured and audited. Training programs for those with access to the IP were implemented and the informal checkout process was automated and audits of the use of IP were instituted. The client was able to provide tangible evidence to their partners of an audited, best-practice IP protection program in place across the organization.
Case Study – Securing Intellectual Property of Engineering Conglomerate
Kroll was engaged by a leading engineering conglomerate to help protect key parts of its intellectual property, relating to the way it manufactures major components for the petrochemical industry. The company has created a process whereby large, formed pieces of metal are assembled in an extremely precise way. The difficulty is that others may be able to reverse engineer elements of how it achieves its product, but the critical steps are only known to several staff members within different departments of the company. This presents itself as a classic insider threat type problem, given that the nature of the exposure is not an external criminal gang, but rather the staff’s careless or intentional disclosure.
Our role was to tease out the priority areas for devising a security plan. Inevitably with insider type threats, this involved a large element of deterrence, but deterrence must be effective to work, this activity sat alongside other workstreams including cyber security and physical security from external threats. We undertook this by initially understanding the client’s business and developing a risk tolerance statement capturing what they most cared about.
We then took this forward in terms of a risk matrix identifying specific areas of vulnerability and we were then able to advise specific security tools through deterrence, detection and prevention. Some of these measures included training and awareness, others included enhancements to internal security controls, physical security separation and the protection of portable information.
Our work enabled the client to retain their competitive position and protect the potential leakage of data around their proprietary processes.