How to Protect IT Business and IT Products: Advice from CEO of IDL

Protection of IT business and IT product

• What problems can a modern IT business face?

In the early stages of its development, any IT business can experience two main problems – a lack of customers and a lack of highly qualified staff. Obviously, some questions are immediately raised: “Where to find customers?” and “Where to find real professionals?”  If the first problem can be solved faster, the second one takes a lot of time and effort. It is not a secret that the Ukrainian education system cannot compete with European and overseas educational institutions which have a higher level of education. And if you still managed to find a real professional, it doesn’t mean that he will stay with you forever. After all, most of those intellectuals who did achieve success in their field of activity prefer working abroad, where there are more opportunities and decent salaries.  That’s why the first problems with recruitment occur.

Another problem that the Ukrainian IT business may face is the management and business systematization. Basically, all large companies come with foreign management because foreigners with more solvent audience have their business processes set up properly and keep everything under good control. As for business systematization, there are some difficulties with setting up financial processes, recruiting the above-mentioned personnel and having orders —  everything that makes business sick at the stage of its development.

• Is it possible today to protect intellectual property in IT?

Quite a controversial question. Of course, Ukraine has such a thing as copyright. However, if we talk about the protection of unique software code, then the patent does not guarantee you the complete protection of your product. After all, your competitor can take your code, change a few lines in it and create a new “unique” product, which will be successfully accepted and registered by the patent office.   Therefore, in Ukraine, it is impossible to patent an idea, design or software. Another matter is the protection of trademark and utility model. There are no problems with this. In other countries, the right to patent a program or any other work of art exists and is often practiced. For example, Apple company, which patented not only fonts but also (just imagine!) a color.

• What should you, first of all, pay attention to when protecting the IT infrastructure of a business?

When protecting any IT infrastructure (of a small, medium or large business), you need to pay attention to such 3 main things as backup, access rights policy and two-factor authentication. Before starting all business processes, it is necessary to create backup copies at least once a day or at least once a week (usually 3 copies). Moreover, these copies should be stored not on the computer where the originals are, but on another physically remote computer. Because keeping important data and their copies on one hard disk in case of a cyber attack can lead to the loss of both the original and the copies. Therefore, for example, before heading home from work, get used to transfer copies on an encrypted USB flash drive, which you will keep in a safe place.

Access rights are another important detail when protecting your IT infrastructure. Quite often, the owners of various companies suffer from the information leaks caused by their ex-employees who had access to important company data. That’s why it would be wrong and rather risky to give access rights to a wide range of workers.  Take care of this in advance.

Plus, use two-factor authentication, which enhances the security of user accounts. At the same time create a complex password, the one that doesn’t consist of your or your family members’ birthday. Adding lowercase and uppercase letters, mixing it with numbers and punctuation marks (for example, an exclamation mark) when creating a password,  complicates the work of an attacker who hunts your information. In general, these are the basic rules that every caring entrepreneur should follow.

• If suddenly you identified a data leak or a cyber attack, what should you do first?

First of all, accept it after going through all 5 stages of grief (smiles). In fact, it all depends on the type of cyber attack and the viruses that caused it. If, for example, you were attacked by a Petya virus, then the first thing to do is to pull everything out of the outlet. If it automatically connects to Wi-Fi, disable it too. Petya virus is a virus from the WannaCry family, and if it gets into your system and encrypts files, you should not send bitcoins to the specified address.  But the best option will be immediately contacting the specialists. This is the first best solution that works with any other cyber attacks or data leaks. Self-medication does not help here. Moreover, it can lead to even more detrimental consequences.