Story image

Taking back control: Four steps to reporting unlicensed software usage

04 Sep 2018

Most businesses around the world depend on software and other business technologies to make their operations more efficient, boost their bottom lines, and stay competitive in a crowded marketplace.

Despite the enormous benefits that software brings to the table for a business, many still choose to forgo paying for it, opting to instead use unlicensed software. Though freebies may sound appealing, the risks that unlicensed software pose to businesses are real.

By using unlicensed software, a business gets no access to the latest updates, patches and the array of tech support that accompanies licensed software, thereby limiting operational efficiency as well as leaving sensitive data and business systems exposed to malware infestation and cyber attacks. Additionally, malware can cost a company approximately A$3.2 million/NZ$3.6 million (or US$2.4 million) average per attack and can take up to 50 days to resolve.

Reporting unlicensed software usage is thus essential to limiting its harm and protecting the data of those involved. If you wouldn’t want your own data to be kept on unsecure software, why risk exposing the data of others to cyber attacks?

In Australia and New Zealand, 18 to 16 percent of software is unlicensed, which is estimated to cost between approximately A$809.6 million and NZ$92.9 million respectively (or US$540 million and US$62 million) in unpaid products per year – that’s a staggering amount of potential “lost” revenue for software developers.

If a business depends on customers paying for their products, software developers too depend on businesses using licensed software for their hard work.

Unlicensed software usage is, thus, not only an ethical issue but it’s also one that could end up being significantly expensive for all parties involved.

Here are the steps you should follow to report on unlicensed software usage:

Step 1: Report to BSA (The Software Alliance)

If you have a suspicion or proof that your employer is using unlicensed software, report to BSA by using the form on the website where you will be required to identify important details relating to the infringements by your company.

This includes, among other things, the type of unlicensed software used, and the number of PCs operating the infringing software. You are also asked to leave your own contact details in case BSA and/or its appointed lawyer needs to reach you for further information.

Step 2: Investigation begins

After you have submitted the form, a BSA representative may reach out to you for further information. You may be asked to provide evidence (such as screenshots proving the usage of unlicensed software) or written statements which may be used in negotiations or court proceedings with your consent. To know more about the progress of your report, you can email info@bsa.org to receive the latest update.

Step 3: Collect evidence of unlicensed software usage or provide written statements

To support the report submitted to BSA, you can start by collecting evidence that demonstrates possession or intent to use unlicensed software. Screenshots are typically the best type of evidence – they could include file directories where the unlicensed software is installed; educational licenses being used for commercial purposes; or frequent error messages when using the software. Other examples of good evidence are instructions issued by the company or IT department on bypassing software registrations or installation verifications.

If you are unable to acquire any evidence, you may provide a written statement detailing exactly what you saw or heard about unlicensed software usage by your employer.                                                           

Once you have collected the evidence, submit it to BSA for ongoing investigation.

Step 4: Taking action against infringers

Your information and cooperation is critical in determining if legal action can be taken against your employer. BSA will decide whether there is a good case against your employer based on your information and evidence. Such action may involve court proceedings or may be settled out of court between parties.

If in the event that BSA pursues an investigation and, as a direct result of the information provided by you, receives a monetary settlement from the reported company, you may be eligible to receive a reward of up to A$20,000 or NZ$21,800.

Ensuring that businesses remain software compliant is key to thwarting cyber attacks, maintaining data security, and driving growth of the digital economy by protecting the interests of software developers. Report unlicensed software usage today to BSA.

Note: Informant confidentiality is of the utmost importance to BSA – your identity will not be disclosed at any point throughout the process, unless you expressly consent to that disclosure.

Article by BSA APAC director - compliance programs, Gary Gan.

SecOps: Clear opportunities for powerful collaboration
If there’s one thing security and IT ops professionals should do this year, the words ‘team up’ should be top priority.
Interview: Culture and cloud - the battle for cybersecurity
ESET CTO Juraj Malcho talks about the importance of culture in a cybersecurity strategy and the challenges and benefits of a world in the cloud.
Enterprise cloud deployments being exploited by cybercriminals
A new report has revealed a concerning number of enterprises still believe security is the responsibility of the cloud service provider.
Ping Identity Platform updated with new CX and IT automation
The new versions improve the user and administrative experience, while also aiming to meet enterprise needs to operate quickly and purposefully.
Venafi and nCipher Security partner on machine identity protection
Cryptographic keys serve as machine identities and are the foundation of enterprise information technology systems.
Machine learning is a tool and the bad guys are using it
KPMG NZ’s CIO and ESET’s CTO spoke at a recent cybersecurity conference about how machine learning and data analytics are not to be feared, but used.
Seagate: Data trends, opportunities, and challenges at the edge
The development of edge technology and the rise of big data have brought many opportunities for data infrastructure companies to the fore.
Popular Android apps track users and violate Google's policies
Google has reportedly taken action against some of the violators.