In this day and age, every company in every industry is vulnerable to theft of proprietary information, from current/former employees, your business competitors and foreign thieves. SCIP (Strategic Competitive Intelligence Professionals), estimates that in 2019, the United States businesses lost between 225 to 600 billion form the Republic of China alone. The following information lists basic preventative measure to protect your business secrets and lists common methods of IP theft.
1) The Keylogger
2) EoP (ethernet overpower) devices
3) AP (access point) software
4) USB drive
2) EoP (ethernet over power) devices:
Wireless networking is an important tool for most businesses and individuals, but it is also a weak point in our security infrastructure. Unauthorized wireless access was on the decline thanks to upgrades in software and hardware security, but there is now a new technology, Ethernet over Power (EoP) (visit Homeplug.org for more information), that will allow an insider to covertly access and scan a corporate network. By inserting a network cable into a modem or router, and then plugging into an electrical outlet, an individual can turn a building’s electrical wiring into a 56-bit DES encrypted network that cannot be sniffed or detected like wireless. By using a second EoP device, an intruder can be anywhere in a building and casually search for and steal data without revealing his physical location. If an EoP device is discovered, it will most likely be overlooked as a power supply or some sort of surge protector
3) AP (access point) software:
By using simple wifi phishing techniques, an attacker can capture limitless amounts of valuable personal and corporate data with very little effort. Free access point (AP) software, such as HostAP8, SoftAP9, or wifiBSD10, is easy to download and use on a laptop or PDA to impersonate any legitimate wireless hotspot. An illegitimate AP clone can be quickly set up in any hotel, airport, conference center, or Starbucks. Once an unsuspecting user is connected to the fake AP, a spy then has a platform from which to capture account information, credit card numbers, user names and passwords, confidential emails and any other information that passes through the “evil twin” AP. Unfortunately, personal firewalls offer no protection from this type of wireless threat, but specialized software like Motorola’s AirDefense software can protect users from wireless-specific vulnerabilities while accessing hotspots.
4) USB drives:
Portable USB drives can carry vast amounts of data in very small packages, making USB drives one of the easiest ways to sneak data in and out of the work place. USB wristbands, Swiss Army knives, and keychains are difficult for the average security guard to spot. An effective, but not foolproof, countermeasure to data theft by USB is to disable the USB (and FireWire) ports in the system’s password protected BIOS. Software like DriveLock can add another layer of security to systems by restricting the use of ports (USB, Firewire, serial and parallel and external devices (floppies, CD/DVD-ROMs, etc), making it nearly impossible to export data.
When traveling abroad, it is important to be aware that privacy and security are not guaranteed in hotel rooms. Foreign governmental agencies and corporations are known to bug hotel phone lines and to enter unoccupied rooms in order to copy or steal any information of value. If confidential material or valuables must be left in a hotel room, the room safe is the often not the best choice: a safe’s key is rarely changed, and once it has been copied, that safe can be opened by anyone who can access the room. One alternative to the room safe is to place valuables in a zip lock bag and pin it to the very top, reverse side of the drapes, making sure the bag is not visible from outside the window. Given enough time, a spy can find anything hidden in a room, but if nothing of value is found quickly in the usual hiding places (inside luggage, behind the TV, under the mattress, inside of shoes), the attacker tends to move on.
If a laptop containing sensitive company information must be left unattended in a hotel room, steps should be taken to minimize the possibility of the hard drive’s contents being accessed or copied. With the right equipment, a standard laptop hard drive can be copied in under ten minutes, but using hard drives with integrated AES cryptographic hardware modules, like those found in a Classified PC, can prevent the unauthorized copying of a laptop’s hard drive by requiring pre-boot authentication. If the laptop is stolen, additional integrated security mechanisms will zero out the encryption key and make retrieval of any personal or corporate data from the hard drive next to impossible.
1. Identify what information is sensitive and classify it as such, taking the necessary steps to protected it. Information such as R&D processes and innovations or new market strategies are easily identified as “sensitive.” However, other information such as personnel files, pricing structure, and customer lists are often overlooked and left unprotected.
2. Conduct a risk assessment to identify vulnerabilities. Assess, too, the probability that someone will exploit those vulnerabilities and obtain sensitive information.
3. Establish, review, and update security policies and appropriate safeguards, both procedurally and technologically, to thwart attempts to exploit vulnerabilities and gain access to valuable company data.
4. Train all employees. Users, managers and IT staff all need to be trained to identify the business information that needs to be safeguarded, in techniques that can be used to gain access to sensitive data, and what procedures should be taken to report compromises or suspected attempts to solicit sensitive information.
We are a member of InfraGard, the collaborative effort between the FBI and the private sector that shares and analyzes information in order to prevent hostile attacks against the United States. By identifying local, state, and national vulnerabilities, individual InfraGard members are increasing protection against criminal activities in cities and towns, corporate environments, and personal lives.
Fill out the form to receive a Confidential Consultation.