48242956 – global cyber security concept
One of my clients was planning a trip to China on behalf of his start-up. We were wrapping up a strategy session on how to make his trip successful. At the end of the call, as is always my practice with clients traveling to countries that are challenging regarding Intellectual Property (IP), we discussed what precautions he planned to take to protect the IP. He told me his computer was encrypted and wasn’t that enough?
I immediately thought that NO, that was not even close to enough. Investors had poured in millions to this company and his only weapon of protection was encryption? Forgetting about the information that is out there regarding China’s ability to hack and crack encryption – even if his computer was safe from normal hacking attempts – what about his phone? Did he ever send or receive attachments from his phone? Did he have contacts on his phone critical to his company? What financials and trade secrets were available on both his phone and laptop? Did he plan to keep his phone and laptop on him at all times while on the trip, taking them to the bathroom, and even sleeping with them?
These were just a few of the questions he should have been asking prior to travel. His company’s valuation was strongly dependent on the IP and if that were compromised, years, millions of dollars and reputations would be lost.
Why not travel with a new laptop, not connected to the company’s server? Why not leave the contact/address books at home when you travel? Or why not have a company policy that requires employees to keep technology on them while they are traveling? Computer security is a component of protecting trade secrets, but there is a human element as well.
Where do you keep your passwords: in your head or in a notebook that you travel with? With todays ever more complicated passwords requiring capital and lower case letters and numbers and special characters, and frequent changes, it has become increasingly hard to remember all of one’s important passwords by heart. Even if your company has a policy forbidding employees to write them down – how many employees do you think are actually capable of following that policy? Even with travel policies, some employees might forget or make a mistake, which will increase your exposure.
Bottom line is that it might prove impossible to protect your IP or sensitive information 100 percent, but without a plan and well thought out policies accounting for human elements – you will definitely fail. The idea is to have policies and a strategic cyber security plan that incorporates both computers and humans while still allowing your company to conduct business worldwide. Like mitigating any other you risk you face, you do not want the restrictions to be too prohibitive and at the same time you want to be protected.
In this case, given the last minute nature of the trip, it was easy for my client to make a copy of any critical meeting information and proprietary documentation on to an Ironkey flash drive, encrypted with high-speed military-grade hardware encryption. He kept the Ironkey on him at all times and he chose to get a new computer and phone for travel, both with upgraded encryption. He was also mindful not to save any new information on the computer.
It was not a perfect solution by any means, but it incorporated multiple layers of protection and allowed him to travel and execute business transactions globally. My client’s plan was thought out, took into account both cyber and human elements and protected the company’s value.
Alyson Krause is on the Board of several companies and works with starts ups and technology professionals world wide helping them achieve investor milestones, enter new markets and improve business relationships. She has a diverse background in numerous industries including Cyber Security, Medical Devices, Energy, Anti-Money Laundering, Natural Sciences, Finance, and Global Security. For other posts by Alyson: https://www.linkedin.com/today/author/0_3SsE6muVI_TukI0bGAqMfC?trk=prof-sm
Blog of Intellectual Capital 
Leave a Reply