1. Take Inventory of Your Research
The fundamental hurdle to protecting academic intellectual property is that most institutions have no idea where all of that information is housed. Research, by its nature, is a decentralized effort that shifts focus based upon the scholarly interests of individual faculty members, graduate students and funding agencies. Teams who were working on much different projects or problems in early 2020 might now be deeply engaged in coronavirus-oriented research.
Schools should begin their intellectual property security efforts by taking inventory of institutional research focused on this problem, including who is conducting it and where it is taking place. This inventory can help focus security efforts on the most vulnerable data.
2. Create Partnerships With Faculty, Staff and Students
Protecting intellectual property requires a team effort. While campuses may naturally look to their information technology and cybersecurity teams to lead the way, efforts to protect proprietary research data won’t work without the full support of those engaged in the day-to-day work. There are simply too many ways that faculty, staff and students can undermine security by copying data to personal devices or cloud services, especially if they do not understand
or appreciate how or why their work requires careful, comprehensive protection.
Teams charged with leading intellectual property protection efforts should use their data inventories to identify the research teams most likely to be targets of malicious intelligence-gathering efforts and reach out to them for an initial conversation.
Researchers are more likely to understand the importance of protecting their work if they know that the threat is specific to their own research, particularly if examples are drawn from similar educational institutions.
3. Secure Remote and Collaborative Research
Remote work has always been a major force at educational institutions. While the rest of the world rapidly shifted to telecommuting arrangements over the past six months, faculty members have long done major portions of their work from home or on the road. However, that doesn’t mean that they’ve been working securely enough to mitigate the threat of intellectual property theft.
Campus technology teams need to understand how researchers work and the ways they routinely blur the lines between personal devices and professional data and files.
Working hand in hand with research technology teams, university security teams can design solutions that will secure remote work without hindering productivity. This may involve using configuration management tools, mobile device management technology or virtualized desktops.
And don’t forget: Collaborative research often takes place in the cloud. Software as a Service platforms simplify the process of sharing data and results. However, improper use of these tools can cause serious security issues. These errors often result from very minor mistakes.
Cloud access security brokers allow technology teams to secure common cloud services by intervening directly in the process to ensure that user requests comply with security policies. They offer direct integrations with most major cloud services, providing security teams with a unified view into cloud use across the organization. CASB tools can play a significant role in the protection of sensitive intellectual property.
4. Work with Law Enforcement to Protect Information
When it comes to protecting intellectual property, the interests of law enforcement and universities are closely aligned. Both groups benefit from sharing threat intelligence information.
Teams working to protect intellectual property should consider partnering with groups such as the Research and Education Networks Information Sharing and Analysis Center (REN ISAC) or the FBI’s InfraGard program. Both of these provide collaboration and networking opportunities that may strengthen institutional defenses.
While the COVID-19 pandemic marks a significant shift in the priorities of both intelligence agencies and attackers, academic research is always a potential target. Developing partnerships and putting controls in place can be critical steps to keeping research protected.