Today, protecting intellectual property and confidential information is a major challenge for businesses all over the globe. From cybercrime to human error – it can be very difficult to keep IP confidential information safe in this digital world.
Most businesses have confidential information in one form or another and, in the 21st Century, all businesses are operating in an environment plagued with sophisticated attackers. IP is difficult to protect, so businesses should develop a security-conscious culture and focus on raising awareness of the changing threat landscape with its employees and third parties.
“International commerce brings huge opportunity to businesses and individuals that possess a unique product with mass appeal. However, this global market-place also includes threats ranging from cybercrime to human error, but businesses can implement some simple steps to help minimize the risks that exist to their commercially sensitive confidential information, knowhow and trade secrets,” James Martin, partner at DMH Stallard, told Inside Counsel in a recent interview.
Martin shared 10 key considerations for how business owners should protect IP, commercially sensitive confidential information, knowhow and trade secrets.
Educate employees. Employees must understand the importance of information security, therefore it is recommended to develop policies so that responsibilities are clear.
Implement an awareness program. The threat landscape changes constantly, so it is important your employees understand new threats, especially when they can be targeted i.e. social engineering.
Implement and enforce a stringent password policy. Ensure strong passwords are put in place by all employees which are of a reasonable length with varying characteristics. Also, do not permit employees to use personal information in their passwords to make them more difficult to guess.
Operate a clear desk screen policy. Avoid the risk of sensitive documents containing confidential and sensitive information from falling into the wrong hands;
Implement defence in depth. Layer your security, particularly with your most sensitive or confidential data, so that even if one layer of security is compromised there are still other layers to prevent unauthorized access.
Regularly review and investigate logs/alarms. Look for suspicious and unauthorized activity and consider implementing Security Incident Event Management (SIEM) software to automate the log analysis process.
Implement a data loss prevention solution. Prevent users from sending data to an external source and that tracks data movement that is prohibited.
Only grant the minimum access required. Restrict access to confidential files with access to be authorized on the basis that it is essential for an employee’s role, reviewing access permissions regularly.
Include IP and confidentiality terms in employee contracts. Protect your IP and data and outline the consequences of failing to do so.
Disable employee access to sensitive information upon resignation.
IP rights is an umbrella term for many different rights which are essentially products of the mind, according to Martin. Some of these rights come into existence automatically while others must be applied for and registered at the Intellectual Property Office along with the payment of a fee.
“For an increasing number of businesses, their IP rights are worth more than their physical assets,” he explained. “It is often pointed out that one of the biggest retailers in world today does not operate from physical stores (Amazon), one of the world’s biggest providers of accommodation owns no property (Airbnb) whilst one of the world’s biggest providers of minicabs owns no cars (Uber).”
By protecting IP rights, businesses can reap the rewards of their investment. If a business develops something which can easily be taken and copied by a third party and competitors then the value of their proposition is diminished. So, having the exclusive right to exploit their creations adds value, assists in developing loyalty in customers and encourages further investment and innovation in the economy.
Although not technically being IP, confidential information, knowhow and trade secrets are allied with IP. According to Martin, this can cover anything from customer or supplier lists to confidential manufacturing processes as well as other knowhow of the business, which may provide the business with a competitive edge over its rivals. So, if such information falls into the hands of competitors, it can prove damaging to businesses resulting in lost profits or worse as those competitors exploit the information to their own advantage.
“Threats can come in many disguises. Often, they may be closer to home than one might expect and this is particularly true in the case of employees,” said Martin. “Employee errors and negligence could result in the commercially sensitive information, knowhow and trade secrets falling into the hands of rivals and competitors.”
Disgruntled employees may take sensitive information with them to their new employers or seek to exploit what they have taken for themselves. Unsecure IT systems can increase the risk of cybercrime and hackers obtaining confidential information as Sony Pictures in Hollywood experienced to its detriment.
In terms of IP, the biggest threat is not having adequate protection covering a businesses’ IP rights at the outset. “To address this, businesses should develop IP strategy that is well thought out and fit for purpose considering immediate, medium term and long term needs, as the business develops and grows,” he explained. “If the right protection is in place, this can act as a shield keeping competitors at bay as well as a sword to pursue those who infringe the IP rights.”