Get All Access for $5/mo

Five Ways You Can Avoid IP Theft Here's how to keep your small firm's big digital assets out of the crosshairs of hackers.

By Riva Richmond

Opinions expressed by Entrepreneur contributors are their own.

Five Ways You Can Avoid IP TheftSmall companies are being swept up in a surge of cyber espionage that was once aimed mainly at corporate giants.

In the last year, hackers working at the behest of governments or unscrupulous competitors have been actively targeting an array of small companies that have valuable intellectual property and corporate secrets, but lack the security protections of larger businesses.

Small businesses with big digital assets are most frequently targeted by hackers, says Ashar Aziz, founder and chief executive of FireEye Inc., a Milpitas, Calif., security firm that defends companies and government agencies against attacks. Among them are law and other professional-services firms that possess information belonging to larger, better-protected companies -- especially strategies for contract, merger and litigation negotiations.

Companies being pursued for acquisition by larger players are also being targeted by hackers, as are businesses with valuable intellectual property or information of their own, such as specialty manufacturers, small defense firms, high-tech and clean-tech startups and hedge funds.

Ten or 15 years ago, military computer networks were the target. But hackers, especially those believed to have ties to China, broadened their attacks to other government networks, then to commercial defense companies, and finally to companies of all stripes, including small ones in 2011, according to Mandiant Corp, an Alexandria, Va.-based information security firm.

"Small companies are targeted now because there's high return at fairly little effort," says Grady Summers, a vice president at Mandiant and former chief information security officer at General Electric Co. "If you're a company with a hot piece of technology … I'd consider it a certainty you'd be a target."

While it can be nearly impossible to stop a skilled and determined hacker, you can make your business less vulnerable and mitigate the damage. Here are five key strategies to consider:

1. Foil phishing.
Most targeted attacks begin with a personalized email con known as a "spear phish." It's designed to get the recipient to visit a website or open an attachment that infects his or her computer with malware, giving attackers access to the network so they can take what they like.

Spear phishing preys on human weakness, but a mix of spam filtering and employee education can go a long way toward stopping it.

Related: How to Avoid One of the Biggest Email Hacking Threats

2. Take on malware.
Up-to-date antivirus software is a vital first line of defense for blocking malware. But because it works by stopping known attacks, new ones can still get through.

Because malware typically exploits a software flaw, one of the most effective defenses is to apply updates without delay for all applications you use, especially oft-targeted Microsoft and Adobe products.

To make sure you're closing key vulnerabilities, consider using scanning tools such as those from Qualys Inc., which offers a number of free tools, as well as QualysGuard Express (14-day free trial, annual subscriptions starting at $1,495).

Web-filtering services can help prevent employees from visiting malware-laced sites. There are many options, but if your budget is tight, try the free basic service for small businesses from OpenDNS. Web-filtering services allow you to block entire categories of sites and provide reports on employee web activity to help you find out what happened if you are attacked.

3. Control access to sensitive data.
Hackers take advantage of loose policies that, for example, let a secretary, whose computer they hacked, access the work of your research and development group. To control employee access to such sensitive information, large companies use complex "identity and access management" systems. Simpler alternatives for smaller companies are emerging.

For instance, Symplified Inc. offers a cloud-based access management service that works with other cloud-based applications. Its Symplified ONE service costs $1 per user per month, starting at $100 for the first 100 users. Another option is Route1, which offers a device called MobiKEY. Employees can plug it into any computer to secure their remote access to the network resources they're authorized to use.

If you feel you can't protect vital assets, simply keep them off the network. What's not remotely accessible to hackers can't be stolen.

Related: Why You Should Consider Outsourcing Computer Security

4. Hire a security services firm.
If you don't have the resources to lock down your network yourself, you can outsource the job to a managed security services firm. These companies offer state-of-the-art technologies and seasoned security pros at prices affordable to many small businesses because they spread the costs across many clients.

5. Create an incident response plan.
Hackers hunting for intellectual property can maintain a quiet presence on a target network for months and even years, stealing valuable information the entire time. Rooting them out as quickly as possible can significantly reduce the damage.

Encourage your employees to report suspicious activity and put a plan in place for how you will investigate and respond to a security breach.

Related: What to Do If Your Business Gets Hacked

Riva Richmond is a freelance journalist who has covered technology for more than a decade. She focuses on computer security, privacy, social networking and online business and has written for The New York Times, The Wall Street Journal and other national publications. Previously, Riva was a technology reporter at Dow Jones Newswires and regular contributor to The Journal's "Enterprise" small business column.

Want to be an Entrepreneur Leadership Network contributor? Apply now to join.

Side Hustle

The Side Hustle He Started in His College Apartment Turned Into a $70,000-a-Month Income Stream — Then Earned Nearly $2 Million Last Year

Kyle Morrand and his college roommates loved playing retro video games — and the pastime would help launch his career.

Business News

New Southwest Airlines Major Investor Wants to Force Out CEO, Slams Company's 'Stubborn Unwillingness to Evolve'

Elliot Investment Management announced a $1.9 billion stake in the Dallas-based Southwest Airlines on Monday and is urging shareholders to vote for new leadership.

Science & Technology

Why We Shouldn't Fear AI in Education (and How to Use It Effectively)

Facing resistance to new technologies in the educational process is nothing new, and AI is no exception. Yet, this powerful tool is set to overcome these challenges and revolutionize education, preparing students and professionals for a future of unparalleled efficiency and personalized learning.

Business News

Elon Musk Threatens to Ban Employees from Using Apple Products, Says Will Lock Devices in 'Cages'

The Tesla founder sounded off on X following Apple's 2024 Worldwide Developer Conference on Monday.

Business News

Apple's AI Has a Catch — And It Could Help Boost Sales

Not every iPhone owner will get to use the new Apple Intelligence.

Business News

Y Combinator Helped Launch Reddit, Airbnb and Dropbox. Here's What I Learned From Its Free Startup School.

The famed startup accelerator offers a free course on building a business — and answers five pressing questions for founders.