Vitrium Systems

Several people were recently indicted on charges of trade secret theft, highlighting the need for organizations to take proactive steps to protect their intellectual property.

Janice Kuang Capener and Luo Jun face 18 counts stemming from the alleged theft of a significant amount of proprietary information from Orbit Irrigation Products. In 2009, Capener, who had been an Orbit employee for six years, was fired by the company. Before leaving, she downloaded sales and pricing information.

With the assistance of Jun, who owned Zheijian Hongchen Irrigation Equipment, Capener established her own company, Sunhills International. The two conspired to undercut Orbit's prices and blackball Orbit among Chinese manufacturers, according to the indictment.

In the other case, Yihao "Ben" Pu is charged with numerous counts of trade secret theft from Chicago-based hedge fund Citadel, for which he had previously worked as a programmer. According to the Chicago Tribune, Pu stole computer code used by the firm to develop trading strategies.

As both of these cases illustrate, companies with sensitive information should take steps to ensure that their document protection standards are sufficient to prevent the threat of insider-driven trade secret and intellectual property theft.

According to a recent study by Coleman Parkes, document protection is a major concern for businesses of all sizes. Surveying 300 CIOs and IT decision-makers, the survey found companies are creating data at an exponential rate, and protecting that data is a priority for many organizations.

However, despite these concerns, many firms fail to implement proper document protection strategies. While there are many reasons for these shortcomings, one significant cause is the prevalence of several myths regarding data security methods.

To encourage companies to pursue better document security practices, a leading cybersecurity firm recently released a report debunking a number of myths concerning data encryption, one of the foremost forms of data protection.

One of the most significant myths noted is that enacting data encryption will decrease the performance of a company's computers. According to the report, this myth has its basis in the past, when computer processors were less powerful and encryption was a significant drain on their resources. Nowadays, computing technology has improved to the point that most users will not be able to detect any performance degradation while encryption is in effect.

A recent survey found a majority of Canadian businesses do not follow document security best practices, putting themselves at risk of experiencing a data breach.

The study, ordered by the Office of the Privacy Commissioner of Canada, surveyed more than 1,000 companies from various industries. It found a wide range of security practices, with most businesses demonstrating security vulnerabilities in at least one area. For example, approximately half of participating companies that store personal information on personal devices, including tablets, smartphones and USB sticks, do not use any form of encryption.

Additionally, only 55 percent of participants have established controls in their organizations to ensure that employees use hard-to-guess passwords, and more than a quarter do not require employees to change passwords at regular intervals.

Security experts widely recommend that workers use both encryption and complex password protection whenever sensitive information is at risk. Numerous studies have found mobile devices containing company or customer information to be one of the biggest security vulnerabilities affecting businesses today.

Without these document protection measures, a lost or stolen mobile device can be accessed by unauthorized individuals, potentially leading to a data breach. And as Privacy Commissioner Jennifer Stoddart notes, while encryption may require a bit of time initially, "the impact on day-to-day functions is almost nothing," IT World Canada reports.

A recent survey demonstrates that many Irish companies may be at risk of data breaches and the loss of intellectual property due to insufficient document security procedures.

Conducted by Amarach Research, the study surveyed 1,000 workers across Ireland, Silicon Republic reports. The results revealed that many employees engage in behavior which can put their company's data at risk. For example, 12 percent of respondents admitted to taking an employer's contact list with them when they left the company. Additionally, 18 percent store work-related data on USB drives and 19 percent email work documents to their personal accounts.

As these figures demonstrate, many Irish firms can improve their document security procedures. Industry experts widely recommend implementing education policies designed to inform workers of the threat of data loss and how to avoid high-risk behaviors.

Additionally, a recent IDC report advocated increased use of encryption tools among companies to deter insider threats. If sensitive documents are encrypted, then unauthorized employees will be unable to access the stored information, protecting it in case the employee attempts to steal intellectual property.

In the past few days, a number of trade secret thieves have been convicted in court, emphasizing the need for organizations with sensitive information to implement document protection solutions.

The first, Suibin Zhang, was previously a Silicon Valley engineer working for Netgear. In 2005, shortly before beginning a new job with Broadcom, Zhang used his position and Netgear's customer relationship to gain access to technological trade secrets owned by Marvell Technology, a Broadcom rival.

According to prosecutors, Zhang downloaded a large amount of proprietary knowledge from Marvell's Extranet without any legitimate rationale. According to the Chicago Tribune, Zhang faces up to 10 years in prison.

Recently, Wen-Long Huang pled guilty to charges of trade secret theft and faces similar potential penalties. According to 7th Space Interactive, Huang illegally downloaded product data sheets from Jet Products, his employer and a developer of environmentally friendly buildings.

In both of these incidents, it is possible that superior document protection practices, such as encryption software and PDF protection, could have prevented the thieves from accessing and stealing the intellectual property.

In April 2012, there were three major data breaches at healthcare organizations. Security incidents at Emory Healthcare, the Utah Department of Health and South Carolina's Department of Health and Human Services compromised more than 1 million individuals' healthcare records, with the Utah breach alone accounting for the exposure of at least 750,000 people's information.

As these incidents illustrate, many healthcare organizations need to take greater steps toward improving their document protection practices.

Speaking to Becker's Hospital Review, health IT expert David Finn recently said that one of the key steps healthcare organizations should take is tailoring their data protection strategies.

"The right data protection entirely depends on who needs the data and how it is used," he claimed. If a piece of information is stored for recordkeeping purposes and will never be exchanged, for example, it may not require the same level of endpoint security protection as does a file containing sensitive patient information which will circulate among doctors.

Similarly, Finn argued that document security should reflect the sensitivity of the data protected. Encryption may not be necessary for a research presentation document, but is quite possibly a wise security practice for patient records, he explained.

By failing to apply varying degrees of document security to different types of data, healthcare organizations risk under-protecting sensitive information, which could lead to a data breach.

A recent cyberattack highlights the need for improved document security practices among law firms.

In February, a Virginia-based firm was struck by hackers. According to ABA Journal, the hacktivist group Anonymous targeted the firm for its successful representation of a U.S. Marine staff sergeant. The hackers infiltrated the law firm's email system and subsequently released confidential information from the case onto YouTube and other internet channels. Additionally, the cyberattackers disabled the company's website.

This attack fits into a trend, identified by numerous cybersecurity experts, in which hackers' attention is shifting away from difficult, high-reward targets, such as financial institutions, to more easily-accessible organizations and individuals. Lacking the cybersecurity defenses of banks and credit unions, many companies are relatively easy prey for cyberattackers, who can then sell the stolen information or use it to commit identity theft and fraud.

To avoid losing sensitive information to hackers, law firms should consider implementing greater document security protocols. By using PDF protection, for example, an organization can store its files in a format that is unreadable by unauthorized individuals, protecting the stored data even in the event of a data breach.

Yuan Li, a former research chemist for Sanofi-Aventis, was recently sentenced to 18 months in prison for the theft and subsequent sale of trade secrets.

Li was a Sanofi employee for nearly five years before initiating her theft. Highlighting the need for companies to implement effective document security protocols to protect their intellectual property from both external and internal threats, Li accessed Sanofi's database and downloaded trade secrets regarding chemical compounds over the course of six months. Li transferred this information to her personal home computer via flash drives and personal email.

At the time of the theft, Li was a co-owner of Abby Pharmatech, a U.S. subsidiary of Chinese chemical firm Xiamon KAK Science and Technology. According to the Asbury Park Press, Li made more than 6,000 stolen compounds available for sale on Abby's website. Sanofi estimates that it lost millions of dollars due to the proprietary information theft.

In order to protect themselves from trade secret theft, industry experts widely recommend that companies pursue document security policies that include data encryption and strict access management.

In a few short years, cloud computing has become a common technology. Recently, Deloitte conducted a survey which found that 40 percent of participating mid-market executives identified the cloud as a key area of technological investment, up from 29 percent the year before. Everyday, millions of individuals and organizations use the cloud to send emails and store data – many without even realizing that they're making use of this new technology.

However, ignorance is no substitute for security, and as TechCloud9's Martin Banks recently highlighted, many cloud users' information may potentially be accessed and utilized by vendors if document protection is not enacted.

Banks points out that Google, which recently released a new cloud storage service called Drive, has a service contract that essentially claims Google's right to "use, host, store, reproduce, modify…communicate [and] publish" user content, among other procedures. To use Google's cloud service, individuals or businesses must agree to these terms. And Google is not the only vendor to implement such policies.

That is why industry experts argue that users should take steps to encrypt their cloud-stored data. Doing so protects the data from being accessed by others, even if the service provider's service agreement grants them the right to view it.

The cloud offers significant benefits to organizations of all sizes. It can reduce costs, improve internal and external communications and make a variety of other business functions more efficient. Additionally, because cloud services are not dependent on in-house hardware, businesses can reduce the risks of over- or under-investing that often accompanies the purchase of new tech equipment.

The advantages of the cloud are not lost on company managers. A recent study by Deloitte of 528 U.S. mid-market executives found that 40 percent believe the cloud and Software-as-a-Service (SaaS) are among the most important areas for technology investment in 2012. Last year, only 29 percent of respondents felt this way.

However, moving operations to the cloud entails significant document security risks, as technology expert Steve Bailey recently highlighted. Writing for AME Info, he argued that these risks require that organizations considering a move to the cloud modernize their backup and recovery protocols. If a company fails to adequately prepare its data management processes before adopting virtualization, Bailey pointed out, it will likely experience a large number of data-related issues, both major and minor.