Enterprise Digital Rights Management
Hold On A Minute! - Did I Miss the Point?

FordYesterday in Michigan, USA a former Ford employee admitted to a theft of $50 million worth of trade secrets and pleaded guilty. The problem with news like this one is the focus is always on the villain and how he or she carried out the crime.

The question that comes to mind for me is how on earth could Ford be so vulnerable to enable an employee steal so many documents in the first place? This should never happen in the first place, especially where you are dealing with something that represents the life blood of an organization.

Does anybody out there think that Ford has been negligent in putting the appropriate security measures in place to prevent such a theft in the first place, or am I going insane? Did I miss the point?

What bothers me about this story is that this former Ford engineer was able to download a majority of the documents from an area not related to his position within the company. A typical case of a seriously flawed data classification and a lack of proper vulnerability testing.

In this situation the villain is not Xiang Dong Yu, the former Ford engineer who was able to download over 4,000 documents to an external hard disk, the villain is Ford who have been completely reckless with it trade secrets in not putting the adequate security measures in place.

The greatest threat to businesses like Ford will continue grow from countries like China, and unless the boardroom of these businesses take action and drive policies to protect its intellectual property by all legal means necessary it will be game over in the next decade.

It is always difficult to link the loss of trade secrets or IP to job losses but I seriously believe it does have a cumulative impact on job security.Now that Ford’s trade secrets are now with a competitor will anyone be able to put a figure on the damage done?

The impact over a period of time is that a business becomes less competitive, the market share begins to decline, the shareholder value begins to dwindle, investor confidence begins to wane and job cuts have to be made to cut costs and increase profitability.

Tools like enterprise rights management and data loss prevention can help businesses to prevent embarrassing scenarios like this, but above all the most important way to achieve a high degree of success in securing an organization’s information assets is through training and awareness programs.

Organizations must endeavour to make sure that the protection of confidential information becomes a deep ingrained culture of the organization. If properly implemented there should be no reason for an employee to take corporate data with them when they hand in their resignation letter.

Is the protection of sensitive data and confidential information part of the culture of your organization?

Posted 1 year ago
view comments
Tagged: enterprise digital rights management, Enterprise Rights Management, enterprise drm, intellectual property, infosec, information security, information rights management, data theft, data security, Data loss prevention, Data Leak Prevention, data protection, .
blog comments powered by Disqus