In 2017 one in four Australian small businesses were affected by a cyber security incident. Increased reliance on new technologies and greater connectivity with third party service providers has increased vulnerability to cyber attacks. With that comes the risk of having your IP stolen.
Cyber security threats can result in:
- loss or theft of an organisation's key IP assets
- interruption to the business through loss of access to key infrastructure
- damage to the organisation's brand and reputation
- liability exposure to customers and investors
- breach of confidentiality and trust with your key stakeholders
- regulatory investigations, fines, enforceable undertakings.
Guide to securing personal information
The Office of the Australian Information Commissioner (OAIC) has published a "Guide to securing personal information" which covers:
- governance, culture and training and initiatives to ensure staff awareness
- internal practices, procedures and systems
- ICT security (including software security, encryption, network security, whitelisting and blacklisting, penetration and vulnerability testing, backing up, and email security)
- access security (including internal and external network monitoring)
- third party providers (including cloud computing)
- data breaches
- physical security
- destruction and de-identification
Technologies to protect data
There are a range of technologies to directly protect data including:
- digital watermarks
- digital rights management (DRM)
- encryption measures.
Each of these has benefits and disadvantages, and it can be important to understand how they may be used to safeguard your IP.
Plans and processes to have in place
Ask yourself, what would I do if my business data was hacked? It's important to have a thorough and achievable breach response plan that is regularly tested. Best practice would see your plan cover a range of incident scenarios and responses. Staff should also be aware and trained to enact the response plan.
It's also important to ensure that your organisation is aware of where all its data is stored (especially when using cloud storage options) and has adequate back up and disaster recovery procedures. This will help ensure your business is up and running as quickly as possible in the event of an unanticipated interruption.
Technology and prevention measures change rapidly. As your business evolves over time it is important to ensure the organisation's risk profile is appropriately revised and set. With measures put in place in line with your size, complexity and nature of business and the sensitivity of the information it holds.