What if your intellectual property was at risk and you weren’t even aware? In today’s highly competitive and often vulnerable world, the companies we choose to partner with play a large role in the security of our products. We take precautionary measures to sign the proper documentation like NDAs and Teaming Agreements, but at the end of the day, we are trusting someone else with our source code, our innovative technology, and our company’s livelihood.
Corporate exposure occurs when partners don’t properly protect assets they have been trusted to keep safe. Would you pursue a partnership with a company without knowing their policies and practices on protecting your IP?
Vet the firms that hold your company’s assets in their hands, learn from the experience a colleague of ours recently detailed:
“All it took to jeopardize my entire company—all my hard work and investments- was a selfie. A selfie!”
When an old colleague of mine said that, I was probably as confused as you are right now. He wasn’t much for social media, aside from an obligatory LinkedIn account. Honestly, as he sat at the helm of a multi-million dollar entity, I couldn’t see him taking a selfie.
As it turns out, it wasn’t his selfie that left his company in ruins, it was one captured by an “employee” for a vendor he had recently hired to do some security testing on a new and unreleased product. Under the stress of budget limitations and time constraints, his product engineer contracted with a poorly vetted vendor that didn’t have a proper facility or office space- he worked out of his basement.
As one could imagine, the security consisted of little more than a standard locking door, and background checks for those coming and going were non-existent. In retrospect, his legal team should have been more involved, but “who would have thought that a security ‘firm’ could operate like that?”
All it took was an innocent, “Friday is finally here!” photo that was shared on Facebook, Twitter, and of course Instagram, and BOOM. The supply chain was breached, and his company’s IP was globally available in a poorly captured photo.
The IP, along with any potential revenue amassed from their product, was compromised, and here he was left grappling with his board of directors, who now wanted him to fire one of his many respected employees, and ultimately left to pick up the pieces created by the vendor’s poor security. Poor security that, if he or his legal teams took the time to educate those making the decision, could have been completely avoided.
As it turns out, he came to ask me if our company provided any unlimited liability in the case of a security breach.
The truth is, I knew we could offer him completely vetted employees and unparalleled IP security. Knowing how vulnerable the supply chain is, we take every precaution to create and maintain a supply chain security policy. We limit portal access, have dedicated laboratory staff, and employ a FIPS 140-2 and CC evaluated Unified Threat management system including VPN, firewall, and intrusion prevention.
No one is gaining access to our client’s IP.
Unfortunately, it may be too late to really salvage his product. He may never know the full extent of the breach or how it could aid his competitors or jeopardized his customer base. The only thing he can do is work with his internal decision makers to create, disseminate, and enforce policy and procedures to ensure that all future vendors are vetted.