Theft of digital information costs companies $250 billion a year. Now is the time to get smart on protecting those intangible assets.
When it comes to trade secrets, one of the most famous is the formula for Coca-Cola, which, as rumor has it, the company never patented.
Coca-Cola and many other businesses seek a competitive edge by maintaining the confidentiality of their trade secrets, but that task is more challenging in a digital age with cyber criminals who are increasingly adept at penetrating computer systems.
Intellectual property theft is a huge issue, according to the National Crime Prevention Council, which reports that 45% of all U.S. businesses have reported losses due to intellectual property theft.
It also estimates that the theft of digital information costs companies $250 billion a year.
So what is a company to do to protect its intellectual property that may include patents, trade secrets, trademarks, copyrights and trade dress?
“One way companies protect their key technology, and probably the most powerful way, is with patents,” said Adam Philipp, a patent attorney and founder of AEON Law in Seattle.
“They will usually only do that for technology for which they need that high level of protection or if it’s the kind of technology that is likely to be superseded in the future.”
Theft of a trade secret or trademark is a greater threat than theft of a patent, added Brian Bianco, chair of the Intellectual Property Practice Group at Akerman LLP in Chicago. That’s because businesses or individuals who register patents agree to make the information public.
“That’s the tradeoff for getting a patent,” Bianco said. “Whatever you invented is made public. In exchange, you, as the inventor, get a monopoly, typically of 20 years on it.”
Here are some other tips Philipp and Bianco offer for businesses to protect their intellectual property.
1) Have a Plan
Unfortunately, according to Bianco, many businesses don’t have a good grip on what their intellectual property is and don’t have a plan in place for protecting it.
“If you are a business, you really should be in tune with all forms of intellectual property you have and be proactive about how to protect it in different ways,” he said.
“My top tip for businesses is to have a plan—and that is for whatever type of business you are in.”
2) Regularly Review Intellectual Property
When companies develop new technologies or products, they should be asking whether those need to be protected either through a patent, as a trade secret or as a trademark.
“You want to have regular sessions with people working with R&D or in product development and ask them, ‘Do you think you are coming up with something new or patentable?’ ” Bianco said.
“We call that invention harvesting. You mine whatever they are working on. It’s helpful to have these conversations because employees may not recognize that there is intellectual property being developed.”
3) Don’t Infringe on Others’ IP
Companies are operating in competitive spaces, but they need to be careful about how they achieve their edge.
Bianco advises businesses to avoid the risk of a lawsuit or other action by checking to be sure they are not infringing on their competitors’ intellectual property.
Protecting intellectual property and not infringing on another’s “are two sides of a similar coin. But both should be paid attention to and consistently be paid attention to,” he said.
4) Keep Trademarks and Trade Dress in Mind when Marketing
Think of the Nike swoosh symbol and its iconic phrase “Just Do It.”
A trademark can be any word, phrase, symbol, design or a combination of these things that identifies any business’ goods or services. It’s how customers recognize a business in the marketplace and distinguish it from its competitors.
Trade dress is the unique design or shape of materials in which a product is packaged and which are identified with a business.
“Both should be of concern when you are creating any kind of marketing information,” Bianco said. “Marketing can be used to strengthen those rights.”
For instance, “if a marketing person is contemplating use of one of several different ways to say something, saying it in a consistent way throughout different publications or marketing pieces starts to make that a trademark,” Bianco said.
“Be consistent in your marketing or always use a consistent color, for instance, if you are trying to generate some kind of brand recognition. If you are conscious of those issues when you create marketing, you are not only creating marketing, but doing it in a way that protects your brand.”
5) Control Employee Access to Trade Secrets
“Protecting against trade secret misappropriation is really about figuring out how to keep individuals from exceeding their authority with the company’s secrets,” Philipp said.
“Nowadays, it becomes more of a computer security problem,” he said.
“If a business knows that it has important business secrets that have an economic value, then they need to think about what steps they are taking to help employees from intentionally or unintentionally conveying that secret information outside of the space where it belongs.”
6) Restrict Access to Networks
One way to protect a company’s secrets is to make sure they are not stored on a computer that’s connected to a network.
“For the most important secrets, it is important that the computer housing that information is not connected to any network and controls are in place to ensure individuals who have permission to access that information are the only ones permitted to do so,” Philipp said.
7) Multifactor Authentication
Based on the level of security needed, Philipp recommends companies use multifactor authentication for employees to access information on a business’ computers.
Authentication may be based on range of factors, such as something you have (such as a password), to something you have plus something you own (such as cell phone on which you receive a unique code), to something you are (such as a fingerprint, retinal scan or other biometric).
Using all three forms would be the most protective.
“In the unlikely chance someone has stolen my password and stolen my cell phone, it would be difficult for them to also get my retinal scan,” Philipp said.
The factors required to access a computer can vary by employee and their job function.
“Depending on the level of security needed, you could require one, two or three separate factors of authentication for access to increasingly valuable data,” Philipp said.
8) Considering Using a Password Manager
“Password reuse is one of the most dangerous practices, especially where there is a standard password used throughout the company,” Philipp said. “People get used to using it to access the everyday information they need to operate the business. But then they get access to things they shouldn’t have access to.”
He recommends providing employees with passwords that are not re-used and that every person gets access only to the information they need to do their jobs.
Businesses should consider using password managers that create unique passwords.
“Making sure everyone is using a password manager and not reusing passwords goes a huge way towards making sure each person in the company accesses only the information they need to do their job,” Philipp said.
9) Assign Appropriate Security Levels to Employees
Employees should only be able to access the information they need to do their jobs.
For example, “a driver who picks up at a warehouse doesn’t need to have access to your company’s whole customer list,” said Philipp.
10) Security Training
Employees should receive regular training to recognize phishing attempts or scams that come in emails.
“Never open documents of any kind, including pdfs or word docs or links from someone you don’t recognize,” he said. “Avoid the curiosity impulse of saying ‘Oh. I wonder what this is.’ ”
Philipp said it is also important to train employees to differentiate legitimate emails from scams and to name a person on staff who can be called to help if a question arises on whether to open an email or not.
11) Cloud-based Backups
Philipp said his own firm suffered a loss of files when an employee clicked on a fraudulent email. That loss was severely limited, and files were recovered because his firm uses cloud-based backups.
“There is really no excuse not to have secure cloud-based backups in place in this day and age,” Philipp said. “The cost of using a cloud-based backup solution is miniscule compared to a ransomware attack or hack. There are ways of storing information if it is encrypted and secret.” &