Securing high-value content: How to ensure the right content doesn't fall into the wrong hands

As a publisher of market intelligence, imagine the following scenario.

Coca-Cola*, one of your largest corporate accounts, purchases an enterprise license for your annual overview of the global soft drinks market. The report is delivered to them as a PDF, and you assume it is being used internally as per the stated licensing agreement. However, you soon learn that Pepsi* are using data in presentations and business reports that could only have come from one place: your annual overview of the global soft drinks market. But you know that Pepsi didn’t purchase a copy!

Often in this situation, content is not shared with malicious intent: many customers simply have a laissez-faire attitude to licensing and sending a report to a friend in a rival organisation is often done thoughtlessly due to the ease of sharing PDFs. In other instances, it is done deliberately to steal revenues and undercut the publisher’s hard work. Regardless of intent, both forms of distribution are financially damaging for publishers.

*(disclaimer: Coca-Cola and Pepsi have been referenced purely for illustrative purposes and this example does not reflect on the integrity of their employees!)

Production costs

Business information’s value is unquantifiable, but the content’s price reflects the production costs for a niche market, the expertise of the author and the cost of research and data collection.

Syndicated market research reports are undoubtedly highly valuable products. Every report is produced by several teams, from the authoring analyst (or analysts) to editorial who ensure factual correctness and consistency, followed by production who work on design, layout, and quality control. Sales and marketing teams then join the fold to decide how to package and sell the content. This process involves many people, many hours of work, and significant expense to the publisher.

Securing this painstakingly produced, high-value content is at the forefront of any provider’s mind and is increasingly relevant as cyber-security concerns seep into our everyday working and personal lives. Content is extremely easy to steal or lose control of in a complex and ever-changing digital security landscape. Publishers should be aware of the common security hazards, and solutions, that regularly trouble providers of market intelligence.

Copyright theft

At its crudest, copyright theft is stealing, re-packaging and selling, usually at cut-price, the same content publishers have spent weeks or months putting together. Copyright theft is a growing issue in the B2B publishing community, as with increasing regularity, organised networks work together to obtain high-value content, remove any references to the actual copyright owner from the report, dataset or video and market it often for a fraction of the price.

One industry figure posting in the Renewd online community, a network for subscriptions professionals and B2B publishers, identified over 80 pseudo-information firms working together to disseminate copyrighted material and shockingly found over 90 examples of their content listed on 11 individual sites. Networks of this nature will grow in number and become more sophisticated in their tactics, so publishers must be aware of this threat.

Solution

Vet all purchasers of your content – ensure that buyers input some personal information before making purchases. If, for example, an individual is trying to buy a $4,000 report and has no associated company of note this should raise alarm bells.

Mass sharing

In a similar vein to copyright theft, mass sharing involves the downloading of licensed content and distributing without the permission of the publisher. Often unlicensed distribution of content is committed by one of your loyal (or so you thought) subscribers rather than an anonymous denizen of the internet.

There are 3 main forms of mass sharing:

• The internal sharer – occurs when a registered user downloads a whole report and uploads it to their corporate intranet or internal knowledge centre.
• The external distributor – this offence arises when a user shares content with friends outside of their organisation.
• The home drive saver – involves fewer people but still takes the content out of the publishers’ possession and could evolve into the other two distributors in the future.

Commenting on this type of threat, Edwin Bailey, Director of Marketing at Content Catalyst, who has over 20 years of experience in licensing content said; “Content delivered as PDFs via email is most at risk to this form of theft, and although publishers may have DRM systems in place these can be easily bypassed via password sharing or manipulation of the PDF document’s properties. Most subscribers are, of course, reliable and trustworthy. However, it only takes one user to bypass these rudimentary safeguards before your content is freely passed around another corporate account without your knowledge.”

Solution

Invest in a content delivery system capable of tracking content usage and managing access rights. Analytics and licensing allow greater control over usage and enables site administrators to keep tabs on potential rule-breakers. Having settings that prevent users from downloading whole reports offline can also be an effective preventative measure.

Corporate account sharing and fair use policy

Fair use policies have often been a sticking point between publishers and clients. Breaches of fair use frequently come in the form of password sharing amongst colleagues. Corporate licenses are granted with certain limits – a common restriction being the number of users associated with the account. Once the company reaches the pre-agreed number of users accessing the provider’s content, the client should move to the next pricing bracket and be charged a higher fee for access.

For example, a corporate team buying an account with 20 registered users when there are 100 members in their department should be flagged as a risk. If unregistered customer employees then ask the publisher’s analysts or salespeople content-related questions, this is an obvious sign of unauthorised access and may confirm the suspicion of password sharing.

Solution

Tracking IP access is a handy way of getting a sense of the number of devices accessing your site. Again, usage analytics, particularly those related to log-ins and geographical location are vital: if you can see that a certain account is logged in 24 hours a day with constant activity, it’s possible to deduce that the password is not just being shared amongst direct colleagues but across multiple time-zones – a major breach of fair usage policy.

Password breaches

In June of 2021, the largest ever password data breach was leaked – 8.4 billion passwords in total were compromised. This problem is not sector-specific, but the sheer volume of passwords leaked every year makes this an issue publishers should be wary of.

Tom Gibbs, CIO at Content Catalyst who has been at the forefront of keeping Content Catalyst secure, explains that “the ubiquitous threat of data breaches means publishers should strive to implement security via a combination of best practices and a robust tech ecosystem.” Five security features he recommends that publishers should consider to ensure content security are (these are also all features of the Content Catalyst platform):

1. 2-Factor authentication – reduces the chance of password sharing among colleagues and external attackers as only permitted IP addresses will receive entry codes.
2. Password age – a setting that allows site administrators to enforce the frequency that users must reset their password.
3. Trusted domains – restricts which email domains can access the site.
4. ReCAPTCHA – this widget will ensure bots are unable to register to your site.
5. SSO integration – with providers Okta and Microsoft Azure AD, facilitating better password practices and more secure log-in systems.

Solution

Invest in subscription software or a content delivery platform that has a range of features designed to counteract and reduce the threat of content breaches. It’s also important to sign-up to specialist password protectors, such as LastPass for your internal employees and if you are sharing passwords over email, ensure you use encrypted password services, such as PW Push.