The recent Air National Guard classified leak has military and intelligence community leaders working to understand how the leaker’s activities were not detected sooner. The sensitive information leaked is arguably the most damaging to national security since the Edward Snowden leak of 2013. Business leaders should take a pause on this unfortunate event and contemplate the security measures protecting their sensitive data and intellectual property.

While most companies don’t have classified and sensitive government data to protect, they nevertheless are vulnerable to insider threats, particularly when it comes to the protection of trade secrets. A trade secret is a confidential business practice, formula, process, design, instrument, pattern, or other information that gives a company a competitive advantage over its competitors.

Unlike patents or copyrights, trade secrets are not publicly disclosed or registered with any government agency. Instead, they are protected by a company’s internal policies, confidentiality agreements, and other legal measures. The unauthorized disclosure or use of trade secrets by an employee or a competitor can result in legal action, including injunctions, damages, and even criminal charges in some cases. Unfortunately, trade secrets are also some of the most valuable intellectual property assets, and companies must take steps to protect them.

The protection of trade secrets is no longer just a legal or financial issue. It is now a critical issue for the information technology (IT) department. IT leaders are vital in helping the legal and financial departments develop a secure trade secrets program. They are responsible for ensuring that sensitive information is secure, that employees and contractors are not misusing that information, and that the company’s trade secrets are protected from both external and internal threats.

One of the most effective ways to combat threats is by implementing a comprehensive security program. This program should include a range of policies & procedures and technology solutions that help protect against data loss. IT leaders can help ensure that these measures are in place by working closely with the legal and financial departments to:

1. Identify sensitive information
2. Develop a risk management plan
3. Implement the necessary controls.

Policies & Procedures

With regard to policies and procedures, the most impactful thing organizations can do is implement a privilege management policy. Privilege management ensures that employees only have access to the information they need to perform their job duties. After the Snowden leak, the intelligence community (IC) implemented policies that limit IT administrator access to sensitive information.

These policies included the following measures:

Monitoring IT administrator activities: The IC monitors the activities of IT administrators who have access to sensitive information, including reviewing their keystrokes and system logs. This is to detect any suspicious or unauthorized activity that could potentially compromise classified information.

Segregating duties: The IC separates the duties of IT administrators to prevent any single individual from having too much control or access to sensitive information. For instance, one IT administrator may have access to the system logs while another has access to the servers.

Other policies include a comprehensive training program to guide employees on handling sensitive data, password policies, and reporting suspicious activity. A data classification policy and controls should be implemented to protect sensitive data from unauthorized access or disclosure. This can involve using data labeling and implementing role-based access controls and encryption to protect sensitive data.

Lastly, IT leaders should conduct regular security audits to assess the effectiveness of the organization’s security measures and identify any vulnerabilities or weaknesses in the system. This may involve penetration testing, vulnerability scanning, and other assessments to identify potential risks and gaps in the security posture of the organization.

Technology Solutions

There are several technology solutions available today to help prevent data loss and protect trade secrets. For example, data loss prevention (DLP) software can be used to monitor and control the flow of data within an organization. This software can detect and prevent unauthorized data transfers, flag sensitive data, and prevent data from leaving the organization through email, USB drives, or other channels.

Another effective technology solution is encryption. By encrypting trade secrets, while at rest and in transit, companies can ensure that even if an insider were to gain access to the information, they would not be able to read or use it without the proper decryption key.

IT leaders can also leverage the power of machine learning (ML) and artificial intelligence (AI) to detect and prevent insider threats. Machine learning algorithms can analyze patterns of behavior and identify anomalies that may indicate malicious activity. This can help prevent data loss and protect against insider threats.

Finally, IT leaders should construct a data backup and recovery plan to ensure that trade secrets are recoverable in case of data loss or system failure. This can involve using backup and recovery software, regularly testing data recovery procedures, and keeping backup data on air-gapped servers without internet or other network connection.

In Summary

Protecting trade secrets is a critical issue for organizations and IT leaders play a crucial role in developing a secure trade secrets program. IT leaders should stay updated with relevant legal and regulatory requirements related to trade secrets protection, data privacy and cybersecurity. By working closely with the legal and financial departments, as well as with help of advanced technology solutions (such as DLP, encryption, and AI), companies can significantly reduce the risk of data loss and protect their most valuable intellectual property assets.