SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Taking back control: Four steps to reporting unlicensed software usage
Tue, 4th Sep 2018

Most businesses around the world depend on software and other business technologies to make their operations more efficient, boost their bottom lines, and stay competitive in a crowded marketplace.

Despite the enormous benefits that software brings to the table for a business, many still choose to forgo paying for it, opting instead to use unlicensed software. Though freebies may sound appealing, the risks that unlicensed software poses to businesses are real.

By using unlicensed software, a business gets no access to the latest updates, patches and the array of tech support that accompanies licensed software, thereby limiting operational efficiency as well as leaving sensitive data and business systems exposed to malware infestation and cyber attacks. Additionally, malware can cost a company approximately A$3.2 million/NZ$3.6 million (or US$2.4 million) on average per attack and can take up to 50 days to resolve.

Reporting unlicensed software usage is thus essential to limiting its harm and protecting the data of those involved. If you wouldn't want your own data to be kept on unsecure software, why risk exposing the data of others to cyber attacks?

In Australia and New Zealand, 18 to 16 percent of software is unlicensed, which is estimated to cost between approximately A$809.6 million and NZ$92.9 million respectively (or US$540 million and US$62 million) in unpaid products per year – that's a staggering amount of potential “lost” revenue for software developers.

Just as a business depends on customers paying for its products, software developers depend on businesses using licensed software to be paid for their hard work.

Unlicensed software usage is thus not only an ethical issue but also one that could end up being significantly expensive for all parties involved.

Here are the steps you should follow to report on unlicensed software usage:

Step 1: Report to BSA (The Software Alliance)

If you have a suspicion or proof that your employer is using unlicensed software, report to BSA by using the form on the website, where you will be required to identify important details relating to the infringements by your company.

This includes, among other things, the type of unlicensed software used, and the number of PCs operating the infringing software. You are also asked to leave your own contact details in case BSA and/or its appointed lawyer needs to reach you for further information.

Step 2: Investigation begins

After you have submitted the form, a BSA representative may reach out to you for further information. You may be asked to provide evidence (such as screenshots proving the usage of unlicensed software) or written statements which may be used in negotiations or court proceedings with your consent. To know more about the progress of your report, you can email info@bsa.org to receive the latest update.

Step 3: Collect evidence of unlicensed software usage or provide written statements

To support the report submitted to BSA, you can start by collecting evidence that demonstrates possession or intent to use unlicensed software. Screenshots are typically the best type of evidence – they could include file directories where the unlicensed software is installed; educational licenses being used for commercial purposes; or frequent error messages when using the software. Other examples of good evidence are instructions issued by the company or IT department on bypassing software registrations or installation verifications.

If you are unable to acquire any evidence, you may provide a written statement detailing exactly what you saw or heard about unlicensed software usage by your employer.

Once you have collected the evidence, submit it to BSA for ongoing investigation.

Step 4: Taking action against infringers

Your information and cooperation are critical in determining if legal action can be taken against your employer. BSA will decide whether there is a good case against your employer based on your information and evidence. Such action may involve court proceedings or may be settled out of court between parties.

In the event that BSA pursues an investigation and, as a direct result of the information provided by you, receives a monetary settlement from the reported company, you may be eligible to receive a reward of up to A$20,000 or NZ$21,800.

Ensuring that businesses remain software compliant is key to thwarting cyber attacks, maintaining data security, and driving growth of the digital economy by protecting the interests of software developers. Report unlicensed software usage today to BSA.

Note: Informant confidentiality is of the utmost importance to BSA – your identity will not be disclosed at any point throughout the process, unless you expressly consent to that disclosure.