LONG ISLAND, NY – As the hacking of the Houston Astros’ internal network proves, the theft of information assets can happen in any industry. Here, James Pooley shares four things that will help companies safeguard their own valuable information.Silicon Valley, CA
(June 2015)—Most of us assume that corporate espionage and digital theft of trade secrets rarely occur outside of technology, retail, and finance. But as the recent hacking of the Houston Astros’ internal computer network—allegedly by St. Louis Cardinals employees—proves, every company in every industry is vulnerable.
As cybersecurity breaches become increasingly common, says James Pooley, companies need to take steps to protect their information assets. If it can happen in baseball, it can happen anywhere.
“Clearly, just hitting the ball well isn’t enough: Competition these days is all about information—who has it and who can get it,” says Pooley, author of Secrets: Managing Information Assets in the Age of Cyberespionage (Verus Press, 2015, ISBN: 978-0-9963910-0-9, $24.97). “We’ll be hearing about stories like this more frequently as we expand our use of technology and hackers get more sophisticated.”
Having recently completed a five-year term as deputy director general at the World Intellectual Property Organization in Geneva, where he was responsible for management of the international patent system (PCT), Pooley is an expert in the fields of intellectual property, trade secrets, and data security. Secrets, which thoroughly explains how to recognize and mitigate the risk of information loss in today’s electronic business landscape, is a must-have guide for executives and managers, knowledge workers, consultants, security professionals, entrepreneurs, investors, lawyers, and accountants—anyone and everyone who works with information.
Here, Pooley spotlights four questions to consider if you’re serious about protecting your company’s secrets from being hacked:
What information do you have that could give your competition an edge?
“The Astros’ database contained private statistics, scouting reports, and information about players,” Pooley comments. “Most companies collect and store similar data about their performance, strategies, customers, and employees. The competition would love to know all this, and sometimes people step over ethical and legal lines to get it. Remember, in order to protect your information assets, you must first know what you have.”
What are you doing about your passwords?
“In our personal lives, we often reuse the same passwords because they’re hard to remember,” Pooley acknowledges. “But in business, you can’t afford that kind of convenience. Especially if you rely only on passwords to protect information, you need to change them frequently—and especially after key personnel leave your company. Use very ‘strong’ combinations of characters. And if possible, consider adding extra layers of protection, like call-back requirements or biometrics such as fingerprints.”
What procedures are in place to prevent employees from taking valuable information with them when they leave?
“Even when you have the right contracts in place and have done all appropriate training, you should conduct a thorough exit interview, learning as much as you can about the employee’s next job and emphasizing the importance of your secret information and your determination to protect your rights,” Pooley advises.
Do you educate employees about your trade secrets?
“Good training is the best (and most cost-effective) way to avoid problems and make sure employees stay within the bounds of what’s legal, ethical, and safe,” Pooley shares. “The best training is continuous, careful, upbeat, and professional, and does not rely on threats. While stories of information breaches—like the Astros hacking scandal—provide good case studies, be sure to also highlight your company’s own initiatives, especially actions by individual employees, that may have helped avoid a problem.”
“As the Astros’ misfortune has demonstrated, no industry or organization can consider its information assets safe,” Pooley concludes. “While it is impossible to guard against all information leaks, companies do have the power to strongly mitigate the risk of being hacked. What steps does your organization need to take to plug holes in its defense system?”
Leave a comment below with some helpful suggestions to help others keep their company information safe.