Management Articles


Proactive Strategies Minimize Internet Confidentiality Threats

By: Tim Rhodes

Tim Rhodes is Chief Executive Officer of Provizio, Inc., an information security firm, and webArgos (, a leading security applications company. Mr. Rhodes has an extensive background in intelligence, counter intelligence, and government information security.

It was just a decade ago when companies could mandate that all employees, vendors and partners sign a confidentiality statement upon hire or project collaboration and feel reasonably confident that proprietary company information would remain safe. After all, data leaks can considerably damage a company's reputation, revenue stream and competitive positioning. Even worse, it can impact stock price, lead to unfair trading or violate federal or industry regulations such as HIPAA or Sarbanes Oxley.

But today, with widespread Internet use, employees can and do leak information without ever knowing it. These accidents typically occur when individuals post information for internal collaboration, never realizing they inadvertently posted documents on a public web server. Businesses also face ongoing exposure threats as they freely share and exchange digital documentation. Emailed documents can easily fall into the hands of external and internal partners, current, former or disgruntled employees and competitors.

Minimal Legal Recourse To Guard Against Online Disclosure

While most leaks are accidental, a handful have been the result of malicious intent. Corporations have started to take legal strides to punish perpetrators and cease such disclosure. Two recent, high profile legal cases involving Eli Lilly & Company and the U.S. Department of Homeland Security are just a few examples. These cases also bring to the forefront the startling judicial limitations available to safeguard companies from online disclosure and its immense consequences when left uncontrolled.

In a recent confidential document disclosure case concerning the anti-psychotic drug Zyprexa, a federal judge in Brooklyn, New York ruled that all information posted online be returned to Eli Lilly & Company, enjoining the attorney and physician responsible for the leak from further online distribution. These individuals distributed documents, confidential by court order, to several news organizations showing that Eli Lilly & Company, for up to a decade, tried to minimize the risks associated with Zyprexa use. While the decision patched the problem, the same court rejected the company's request to ban future web sites from further publication of the same confidential data on grounds that the task was impossible to enforce. In case after case, intellectual property settlements, like that involving Eli Lilly & Company, rarely protect its victims.

The ruling states:
"To extend the reach of the injunction further [beyond those responsible for the leak] might involve the court in attempting to control a constantly expanding universe of those who might have, or will have, access by reason of the original breach. That such an amplified injunction could be enforced effectively is doubtful. Even if enforcement were possible, on policy grounds the risk of unlimited inhibitions on free speech should be avoided when practicable."
In another high profile online information security case, a website published alleged U.S. Department of Homeland Security proprietary documentation including reports of suspicious activity from water supply tampering to an airline attack plot and bomb threats. While this documentation was erroneously posted and removed promptly after discovery, it reached the public domain via routine Google indexing.

How Can Companies Protect Their Intellectual Property?

Once in the public domain, this data can be disseminated instantly to millions of individuals worldwide. The key to data protection is ongoing, routine threat monitoring to ensure unintentional confidential postings are taken offline as soon as possible. Another safeguard is minimizing exposure. There are several measures businesses can take to protect their proprietary data from landing in the wrong hands.

The following are best practice strategies companies can take to protect their intellectual property:
  1. Use Internet meeting services like WebEx, GoToMeeting or Live when conducting meetings with partners, vendors, employment candidates and customers. These services display confidential documents within a web browser, avoiding document distribution or download. Internet meeting services take extreme precautions in safeguarding their customers confidential information.

  2. Use a digital document security solution to prevent users from opening or reviewing documents without a secure access code or prior authorization. These solutions protect email communications, CAD, Office and Adobe PDF files, among others.

  3. If using Outlook, set email preferences to restrict forwarding with or without attachments. This protects email communications from redelivery to unauthorized parties.

  4. Implement a threat monitoring and protection service, such as webArgos, to monitor, locate and remove confidential and proprietary documents from the Internet before they spread. This might be the single, most important strategy a business can take to ensure data leaks are caught and rectified as soon as possible.

Overall, the best approach businesses can take is using a layered security strategy, or the implementation of multiple techniques to safeguard confidential electronic data.

Threat Monitoring and Protection Services: A Proactive Approach

To ensure confidential data is brought offline as soon as possible, companies are discovering the benefits attainable through dedicated, ongoing threat monitoring and protection services. These services, like WebArgos, proactively monitor online intellectual property visibility, protecting companies from widespread Internet exposure and misuse. Threat monitoring and protection services specialize in locating and eliminating publicly accessible documents that pose harm to their clients including defamatory data or information that violates the company's copyrights or trademarks.

These documents include:
  • Trade secrets
  • Proprietary communications
  • Concepts
  • Discoveries
  • Techniques
  • Drawings
  • Customer lists
  • Studies and reports
  • Formal policies and procedures
  • Technical diagrams
With a broad range of service plans, threat monitoring and protection services automate discovery, monitoring public information sources, quickly identifying inappropriate data, working diligently with the offending parties and leveraging various non-litigious techniques, relevant partnerships and relationships to remove this data as quickly as possible. Thus, possible damage is minimized, if not eliminated.

With laws limiting corporate rights regarding the protection of compromised data online, companies are discovering that a proactive, rather than reactive, approach is the most effective. Smart companies take it upon themselves to ensure their own data security. Threat monitoring and protection services provide a simple, professional solution to the growing danger of online security leaks.

© Copyright 2007, Tim Rhodes

The author assumes full responsibility for the contents of this article and retains all of its property rights. ManagerWise publishes it here with the permission of the author. ManagerWise assumes no responsibility for the article's contents.


Place "+" (without the quotes) in front of words that must appear; "-" to exclude articles with certain words; and put double quotes around phrases. For example, fantastic search will find all case studies with either the word "fantastic" or "search" (or both). On the other hand, +fantastic +search will find only case studies with the words "fantastic" and "search". "fantastic search" will find only case studies that with the phrase "fantastic search". Note: Searches will not find words, such as 'management', that appear in more than half of the articles or words less than five letters long.


Would you like us to consider your own articles for publication? Please review our submission and editorial guidelines by clicking here.