Engineering is all about intellectual property (IP). The notes and solutions developed by a firm's engineers constitute the bulk of the assets of any engineering-based organization. There are benefits to such a fluid set of assets. But the danger is that the assets are so fluid that they can easily flow out the door through carelessness or theft.
When a retail shop loses inventory, it's called "shrinkage." When an organization that trades in knowledge and ideas loses inventory, it can be a disaster no matter why the IP is lost. To protect its most valuable assets, the engineering organization must protect against many sources of that loss.
Don’t lose IP by accident
The first source of IP loss is accidental. The protections are well known and relatively straightforward:
- Regular data backups using a three-tier backup scheme that includes frequent integrity checks
- Redundant hardware to enable quick disaster recovery and business continuity
- A redundant connection to a separate ISP—ideally one with a different upstream provider than your primary ISP—will maintain your connection to the outside world (because Internet links are subject to failure, too)
Don't forget that client hardware should be backed up, as well. And if your engineers work with smartphones or tablets, those devices should be managed with mobile device management (MDM) software, so that a lost device doesn't mean lost data.
Prevent IP from being stolen
Outsiders are controlled through firewalls, unified threat management (UTM) appliances, and intrusion prevention systems (IPSes). These should be used in a layered defense system that doesn't rely on any single component for overall network protection.
When the threat is from the inside, the defense mechanisms change. An IPS can certainly monitor traffic flowing in both directions on a network. That's a start.
Also, network filtering and monitoring can enforce policies saying that certain types of information can only be sent from particular internal addresses, at certain times, and from certain pieces of software. These policies can have an enormous impact, for instance, on data simply being emailed out by an employee working after hours.
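A policy of this kind can be checked against outbound-transfer records, as in the following added example (not from the original article). The log format, subnet, program names, and data-class labels are all constructed assumptions; a real deployment would take them from its own gateway or DLP logs.

```python
from datetime import datetime, time
from ipaddress import ip_address, ip_network

# Constructed policy: CAD files may leave only from one subnet, in business
# hours, using one approved transfer program. Anything unlisted is denied.
POLICY = {
    "cad": {
        "networks": [ip_network("10.20.0.0/24")],
        "window": (time(8), time(18)),
        "programs": {"managed-sftp"},
    },
}

# Constructed log lines: timestamp, source IP, sending program, data class.
SAMPLE_LOG = """\
2024-03-05T14:10:00 10.20.0.15 managed-sftp cad
2024-03-05T22:41:00 10.20.0.15 smtp-client cad
2024-03-06T09:05:00 10.30.4.7 managed-sftp cad
2024-03-06T10:00:00 10.20.0.22 managed-sftp source-code
"""

def parse(line):
    when, src, program, data_class = line.split()
    return {"when": datetime.fromisoformat(when), "src": ip_address(src),
            "program": program, "data_class": data_class}

def violations(event, policy=POLICY):
    """Return the policy conditions an event breaks (empty list = allowed)."""
    rule = policy.get(event["data_class"])
    if rule is None:
        return ["no rule for data class (default deny)"]
    broken = []
    if not any(event["src"] in net for net in rule["networks"]):
        broken.append("source address")
    start, end = rule["window"]
    if not (start <= event["when"].time() < end):
        broken.append("time of day")
    if event["program"] not in rule["programs"]:
        broken.append("sending software")
    return broken

def audit(log=SAMPLE_LOG):
    """Return (log line, broken conditions) for every event that violates policy."""
    return [(line, v) for line in log.splitlines() if (v := violations(parse(line)))]

if __name__ == "__main__":
    for line, reasons in audit():
        print(f"BLOCK/ALERT {line} -> {', '.join(reasons)}")
```

The second sample line is the after-hours email case mentioned above: the source address is permitted, but both the time and the sending software break the rule.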
With all of the technology in place, it must still be used to enforce solid procedures and rules that are well understood by employees and consistently applied to everyone in the organization. Training is the piece that is most often ignored by organizations, especially those filled with highly educated, technical-minded individuals. Even engineers can fall prey to spear-phishing attacks. Don't forget to train and test individuals to make sure they understand both what spear-phishing attacks look like and why management takes them so seriously.
IP is the business of the engineering firm. Make sure yours is safe and sound.