In order to protect critical data like intellectual property, enterprises should follow a set of defined steps designed to give defenders better visibility of their data and make it harder for attackers to access and abscond with it.

A California-based non-profit organization that advocates for IP protection released a list of best practices for protecting digital IP earlier this week. The group, the Alliance for Gray Market and Counterfeit Abatement, or AGMA, outlined its list of IP protection 'must-haves' on Tuesday.

According to AGMA, the best practices include:

• Access Control Policies and Procedures

The organization stresses that maintaining uncontrolled or poorly controlled access to data and business systems can lead to organizations being exposed. “Ensuring a comprehensive access review of all applicable systems is imperative to identifying access risks,” the guidance reads, “This should include appropriately restricting access and ongoing reviews of access levels. A robust access control policy should outline the controls placed on both direct and remote access to computer systems to protect networks and data.”

• Event Logging

The best practices necessitate event logging and visibility in order to understand what’s happening in a company’s environment. AGMA is encouraging organizations to log and retain comprehensive records of events, when they’ve occurred, where, the source of the event, the outcome, and the identity of any individuals or subjects associated with the event.

• Monitoring and Reporting

AGMA maintains that appropriate data analytics should be used to monitor and identify trends or transactions outside of norms or expectations. “Any unauthorized use should be reported to the appropriate parties, and enforcement actions should start immediately.”

• User Awareness and Training

Information security awareness training is another tool companies can use in the fight against IP theft. “Ensuring that users are made aware of the ways in which they might unintentionally expose IP is of extreme importance.”

• Security by Design

The non-profit advocates security by design. “Planning and policies for building security up front (vs. after the fact) should be implemented and adhered to, as it is much more expensive to add security later than it is to design it in right from the start. Security capabilities should be proactively included within applications, programs and infrastructures.”

• Continuous Improvement

“Securing digital IP is not a ‘one and done’ activity. Monitoring information security best practices, performing risk reviews, and scaling security policies and controls continuously is needed to keep ahead of emerging threats,” AGMA says, adding that companies should foster a culture and introduce processes that prioritize adding periodic security improvements.

While following AGMA's guidelines isn’t mandatory, the steps could aid a company when it comes to preventing IP theft. The non-profit is also encouraging companies to ensure they comply with standards like HIPAA, NIST, GDPR, and any standards via the International Standards Organization (ISO) that may apply, if they’re not already.

AGMA, first formed by Hewlett-Packard and Cisco Systems in 2001, bills itself as the largest group dedicated to protecting intellectual property in the high tech industry.

While the current administration has taken actions to promote and protect intellectual property, by nearly all accounts, IP theft continues to run rampant in the U.S.

In a CNBC survey last year, 1 in 5 corporations claimed that companies in China have stolen their IP within the last year. Other reports credit China for being responsible for over half a trillion dollars a year of IP theft in the U.S. A more commonly cited report, published in 2017 by the National Bureau of Asian Research, suggests “that the annual cost to the U.S. economy continues to exceed $225 billion in counterfeit goods, pirated software, and theft of trade secrets and could be as high as $600 billion.”

Those numbers fall in line with statistics via the U.S. Chamber of Commerce, which estimates that IP theft costs domestic companies somewhere between $200-$250 billion a year in lost revenue.