These cases have three things in common:
• They’re examples of intellectual property (IP) theft.
• They involve electronic evidence.
• I’ve been involved in all of them recently.
I wrote a Digital Fingerprints column in the July/August 2008 issue (www.fraud-magazine.com/article.aspx?id=357) in which I discussed IP theft. So, why another one? Well, it’s quite simple: It’s still happening and will continue to happen. And the faster the organization reacts, the less damage it might have to deal with. Many organizations discover IP theft months or years after it has occurred, and you never want to be in that situation. So, what to do?
The first step in protecting IP is knowing about. Where does it reside, where is it stored, who has access to it, etc.? How do you answer these questions? By discussing IP with the information owners, the various departments within the organization, and the custodian of the information – the IT department.
Your organization’s security policy should include directives on classification of information, access control, and storage including portable storage devices. Inform employees through the policy that they’re obligated to protect IP. The code of ethics, which employees should sign every year, should contain a clause about IP protection.