Proactive Strategies Minimize Internet Confidentiality ThreatsBy: Tim Rhodes
It was just a decade ago when companies could mandate that all employees, vendors and partners sign a confidentiality statement upon hire or project collaboration and feel reasonably confident that proprietary company information would remain safe. After all, data leaks can considerably damage a company's reputation, revenue stream and competitive positioning. Even worse, it can impact stock price, lead to unfair trading or violate federal or industry regulations such as HIPAA or Sarbanes Oxley.
But today, with widespread Internet use, employees can and do leak information without ever knowing it. These accidents typically occur when individuals post information for internal collaboration, never realizing they inadvertently posted documents on a public web server. Businesses also face ongoing exposure threats as they freely share and exchange digital documentation. Emailed documents can easily fall into the hands of external and internal partners, current, former or disgruntled employees and competitors.
Minimal Legal Recourse To Guard Against Online Disclosure
While most leaks are accidental, a handful have been the result of malicious intent. Corporations have started to take legal strides to punish perpetrators and cease such disclosure. Two recent, high profile legal cases involving Eli Lilly & Company and the U.S. Department of Homeland Security are just a few examples. These cases also bring to the forefront the startling judicial limitations available to safeguard companies from online disclosure and its immense consequences when left uncontrolled.
In a recent confidential document disclosure case concerning the anti-psychotic drug Zyprexa, a federal judge in Brooklyn, New York ruled that all information posted online be returned to Eli Lilly & Company, enjoining the attorney and physician responsible for the leak from further online distribution. These individuals distributed documents, confidential by court order, to several news organizations showing that Eli Lilly & Company, for up to a decade, tried to minimize the risks associated with Zyprexa use. While the decision patched the problem, the same court rejected the company's request to ban future web sites from further publication of the same confidential data on grounds that the task was impossible to enforce. In case after case, intellectual property settlements, like that involving Eli Lilly & Company, rarely protect its victims.
The ruling states:
"To extend the reach of the injunction further [beyond those responsible for the leak] might involve the court in attempting to control a constantly expanding universe of those who might have, or will have, access by reason of the original breach. That such an amplified injunction could be enforced effectively is doubtful. Even if enforcement were possible, on policy grounds the risk of unlimited inhibitions on free speech should be avoided when practicable."In another high profile online information security case, a website published alleged U.S. Department of Homeland Security proprietary documentation including reports of suspicious activity from water supply tampering to an airline attack plot and bomb threats. While this documentation was erroneously posted and removed promptly after discovery, it reached the public domain via routine Google indexing.
How Can Companies Protect Their Intellectual Property?
Once in the public domain, this data can be disseminated instantly to millions of individuals worldwide. The key to data protection is ongoing, routine threat monitoring to ensure unintentional confidential postings are taken offline as soon as possible. Another safeguard is minimizing exposure. There are several measures businesses can take to protect their proprietary data from landing in the wrong hands.
The following are best practice strategies companies can take to protect their intellectual property:
Overall, the best approach businesses can take is using a layered security strategy, or the implementation of multiple techniques to safeguard confidential electronic data.
Threat Monitoring and Protection Services: A Proactive Approach
To ensure confidential data is brought offline as soon as possible, companies are discovering the benefits attainable through dedicated, ongoing threat monitoring and protection services. These services, like WebArgos, proactively monitor online intellectual property visibility, protecting companies from widespread Internet exposure and misuse. Threat monitoring and protection services specialize in locating and eliminating publicly accessible documents that pose harm to their clients including defamatory data or information that violates the company's copyrights or trademarks.
These documents include:
With laws limiting corporate rights regarding the protection of compromised data online, companies are discovering that a proactive, rather than reactive, approach is the most effective. Smart companies take it upon themselves to ensure their own data security. Threat monitoring and protection services provide a simple, professional solution to the growing danger of online security leaks.
© Copyright 2007, Tim Rhodes
The author assumes full responsibility for the contents of this article and retains all of its property rights. ManagerWise publishes it here with the permission of the author. ManagerWise assumes no responsibility for the article's contents.
Would you like us to consider your own articles for publication? Please review our submission and editorial guidelines by clicking here.