Security

4 Tips For Protecting Intellectual Property In Academia

The intellectual property created by higher ed to combat COVID-19 makes an alluring target for cybercriminals.

Mike Chapple is a teaching professor of IT, analytics and operations at the University of Notre Dame.

Around the world, academic researchers have turned their focus to combating the novel coronavirus. From medical schools to biology labs, researchers are working nonstop to better understand the virus, develop therapeutic treatments and create a vaccine that could lift the pandemic’s shadow.

Collaboration across higher education is bringing the world’s best minds to bear on COVID-19. The resulting intellectual property could have tremendous public health benefits. But it also has massive potential commercial value, and few things are more attractive to would-be cybercriminals than other people’s valuable ideas.

Companies and countries around the world are racing to develop safe, effective and potentially profitable treatments and vaccines. Recent reports from intelligence agencies and prosecutors in the United States and the United Kingdom accuse the Russian and Chinese governments of engaging in hacking efforts to steal coronavirus research. Universities find themselves in the crosshairs, suddenly the targets of sophisticated intelligence-gathering operations.

Let’s consider some ways research institutions can protect their intellectual property from cybercrime.

1. Take Inventory of Your Research

The fundamental hurdle to protecting academic intellectual property is that most institutions have no idea where all of that information is housed. Research, by its nature, is a decentralized effort that shifts focus based upon the scholarly interests of individual faculty members, graduate students and funding agencies. Teams who were working on much different projects or problems in early 2020 might now be deeply engaged in coronavirus-oriented research.

Schools should begin their intellectual property security efforts by taking inventory of institutional research focused on this problem, including who is conducting it and where it is taking place. This inventory can help focus security efforts on the most vulnerable data.

MORE ON EDTECH: Read our exclusive Q&A with EDUCAUSE Cybersecurity Program Director Brian Kelly.

2. Create Partnerships With Faculty, Staff and Students

Protecting intellectual property requires a team effort. While campuses may naturally look to their information technology and cybersecurity teams to lead the way, efforts to protect proprietary research data won’t work without the full support of those engaged in the day-to-day work. There are simply too many ways that faculty, staff and students can undermine security by copying data to personal devices or cloud services, especially if they do not understand
or appreciate how or why their work requires careful, comprehensive protection.

Teams charged with leading intellectual property protection efforts should use their data inventories to identify the research teams most likely to be targets of malicious intelligence-gathering efforts and reach out to them for an initial conversation.

Researchers are more likely to understand the importance of protecting their work if they know that the threat is specific to their own research, particularly if examples are drawn from similar educational institutions.

3. Secure Remote and Collaborative Research

Remote work has always been a major force at educational institutions. While the rest of the world rapidly shifted to telecommuting arrangements over the past six months, faculty members have long done major portions of their work from home or on the road. However, that doesn’t mean that they’ve been working securely enough to mitigate the threat of intellectual property theft.

Campus technology teams need to understand how researchers work and the ways they routinely blur the lines between personal devices and professional data and files.

Working hand in hand with research technology teams, university security teams can design solutions that will secure remote work without hindering productivity. This may involve using configuration management tools, mobile device management technology or virtualized desktops.

MORE ON EDTECH: Learn how to secure higher ed's growing number of remote devices.

And don’t forget: Collaborative research often takes place in the cloud. Software as a Service platforms simplify the process of sharing data and results. However, improper use of these tools can cause serious security issues. These errors often result from very minor mistakes.

Cloud access security brokers allow technology teams to secure common cloud services by intervening directly in the process to ensure that user requests comply with security policies. They offer direct integrations with most major cloud services, providing security teams with a unified view into cloud use across the organization. CASB tools can play a significant role in the protection of sensitive intellectual property.

4. Work with Law Enforcement to Protect Information

When it comes to protecting intellectual property, the interests of law enforcement and universities are closely aligned. Both groups benefit from sharing threat intelligence information.

Teams working to protect intellectual property should consider partnering with groups such as the Research and Education Networks Information Sharing and Analysis Center (REN ISAC) or the FBI’s InfraGard program. Both of these provide collaboration and networking opportunities that may strengthen institutional defenses.

While the COVID-19 pandemic marks a significant shift in the priorities of both intelligence agencies and attackers, academic research is always a potential target. Developing partnerships and putting controls in place can be critical steps to keeping research protected.

Neil Webb/Theispot