Anything that has value is at risk of being stolen, and unfortunately, that includes your company’s ideas and information.
After all, intellectual property generates tremendous value in today’s economy. In 2019, American industries that rely on IP generated more than $7.8 trillion in gross domestic product, according to the US Patent and Trademark Office. Those companies employed about 44% of the workforce.
So it’s probably not too surprising IP theft is a huge problem. Annually, it’s estimated to cost the US economy between $225 billion and $600 billion, according to the Commission on the Theft of American Intellectual Property.
Securing your intellectual property, trade secrets and other sensitive information needs to be a top priority, but if you’re new to it, that can be a tricky process. How do you safeguard something as intangible as an idea? The good news is there are several policies and even physical defenses you can put in place to protect your information.
Seek Legal Protections Where Available
Have you created a new piece of software? Or maybe you just developed a game-changing design for a new pickup truck? You need to seek a patent. The same goes for any artistic works or brand elements – you need copyrights and trademarks, respectively, so you protect your company’s exclusive use of those ideas.
And should the bad guys try to steal them, you can seek justice (and damages) through the legal system.
But there’s another category of intellectual property: trade secrets, which are processes, lists and other information that — if they were made public — would lose much of their value. Instead of registering this information with the government, the company protects trade secrets by … well, making sure they remain a secret.
Enforce Confidentiality with Signed Agreements
If you have trade secrets, you should protect them with legal agreements.
Namely, require your employees, contractors and anyone else who interacts with your company’s sensitive information to sign nondisclosure or confidentiality agreements. Even creating a general code of conduct can be helpful.
When you require people to sign these documents, you’re defining desired behavior and outlining the potential consequences, especially legal consequences, for failing to treat sensitive information appropriately. Remember, people can’t live up to your standards if you don’t tell them what those standards are.
Take Inventory, and Label What You Find
To protect your sensitive information, you need to make sure that you’ve accounted for everything that needs protection. That could include not just your copyrighted or patented materials, but sensitive information like your client list, your marketing plans for the upcoming quarter or customers’ personally identifiable information (PII) that you could be legally accountable for guarding.
Once you have an inventory of your sensitive data, it’s also a good idea to determine how sensitive it is. That is, how much trouble would it create for your business if a specific piece of data was stolen? Can you quantify in dollars how large the loss would be? Do that, and you’ll have a clear idea of how many layers of security you need to apply to that information.
One word of warning: Fight the temptation to label everything confidential. If everything is “special,” then nothing is — and your team will be so numb that they won’t protect the files that really are sensitive.
As part of the inventory, you should also determine where your sensitive data and documents currently live. You might discover that you’re keeping valuable information in a Dropbox folder that anyone can access, leading you to create a better, more secure storage system for your files.
You’ll need to determine who really needs access to specific pieces of information in order to do their jobs. Then set up systems that limit access for just those people and track when they interact with sensitive materials. And make sure you have policies to change their permissions as they’re promoted, changed departments or leave the organization
Invest in Data Loss Prevention Software
Data Loss Prevention (DLP) refers to a family of solutions that help defend against a range of data losses, both intentional and accidental.
For example, some DLP solutions will notice if an employee is trying to email a sensitive document or data outside the organization and prevent the message from going through. Some DLP tools will set up a system that locks down files and only allows access after users have been authorized.
Other solutions will scan files for data that might be personally identifiable — like credit card numbers — and prevent it from being transferred out of your network or, if it is allowed, encrypt the file and keep a record of where it was sent.
By automating a significant part of your security, you make it that much harder for a bad actor to wreak havoc in your systems.
Secure Your Physical Space
While it’s important to secure your company’s digital assets, you need to make sure that your physical properties are secure, too. Your server room, for example, should be locked and access should be controlled via a log or password. The same goes for any other rooms that might store physical copies of sensitive information, such as a records room or your bookkeeper’s office.
The boldest thieves will also engage in tailgating, aka piggybacking. They’ll hang around the entrances of your building — maybe near the spot where employees like to take smoking breaks — and follow your workers back inside. From there, it’s usually pretty easy to find an unattended computer with an unlocked screen. Make sure your team knows to question anyone who doesn’t show their ID to gain entrance to your building, and teach them to lock their screen anytime they leave their desks.
Think Like a Thief
The problem with prevention is that you’re up against motivated, clever people who will constantly look for ways to penetrate the shields you have built. The solution? You need to think like a thief and actively look for holes they could exploit in your security.
Maybe you realize that someone could get a partial picture of your development plans by going through your office garbage. That could lead to an officewide policy of shredding all paper documents once they’re ready to be thrown away.
Your team members might be able to spot problems, too. Your office admin might remember that your centralized office printer contains digital copies of every document that it processes. That warning could remind your IT team to ensure there are controls in place to delete those documents and protect them from any intruders on your office network.
Even pieces of information that seem benign — like your company roster or a speech at an industry event — could be taken together to give competitors useful (and damaging) information about your company.
Train Your Employees to Prevent and Spot Potential Theft
While you have to be alert to cyberattacks, remember that even the most sophisticated breaches often start because a human being accidentally let the bad guys into your system. Companies can increase their security by actively training employees on the most common types of breaches, whether that’s via email, SMS, phone or physical entry to your building. Employees should not only know how to spot these attacks, but also know exactly where to make reports about them.
And this kind of security training needs to be regularly repeated. Even the most diligent team can let their guard down. You might consider hiring a service that regularly sends your team fake phishing attempts — employees who click a link or download an attachment from those messages could be targeted for extra training or coaching.
Be Ready for Internal Threats
While many breaches are the result of carelessness, some are deliberate acts by employees with an ax to grind. You and your managers should be trained to spot disgruntled workers and address the root causes before those employees decide to do something drastic. Investing in an Employee Assistance Program is another way for struggling team members to find help when they need it, before they act out.
Guarding your ideas and information takes careful planning and continued diligence, but the effort is ultimately worth it. Your intellectual property, your trade secrets, could be your company’s decisive edge in the marketplace. Don’t give up that critical advantage without a fight.
The Takeaways: How to Secure Intellectual Property
- Where possible, seek legal protection by obtaining patents, trademarks and copyrights for valuable information.
- Some information — including client lists, unique processes and other trade secrets — must be kept secret in order to maintain its value.
- Conduct an inventory of your sensitive information, and create a system that limits access to people who must have it in order to do their jobs.
- Use nondisclosure and confidentiality agreements to maintain the secrecy of trade secrets.
- Use technology and physical barriers to limit access to your most sensitive information.
- Train your team to spot potential signs of trade secret theft and report it.
- Think like a thief — constantly look for ways that bad actors could violate your security.
At Chesley Brown, we understand that planning for the unknown can be daunting. That’s why we’ve built a framework that enables businesses to navigate and anticipate risk before it becomes a crisis. We are here to manage risk so you don’t have to. If you or your team have questions about how to secure intellectual property, our experts are here for you.
For industry-leading guides and analysis sign up for our blog below.
Fighting Terrorism with Strong Private Sector Relationships
Fighting Terrorism with Strong Private Sector Relationships From Chesley Brown International Risk Management “Threat mitigation is a team effort; it’s this relationship and collaboration which is critical to the counterterrorism fight.” We face the same…Read More
Facial Recognition: the First Catch
Facial Recognition Makes its Grand Entry The new technology, deployed in airports across the country, makes its first catch. From Chesley Brown International Risk Management On its third day of testing, facial recognition technology caught…Read More
Are Employees an Unintentional Security Risk for Cyber Attacks?
Are Your Employees an Unintentional Security Risk for Cyber Attacks? In these times when malware is prevalent and easily disguised as email attachments or seemingly innocent software updates, one of the questions that arises is:…Read More
DHS and Canada Team up for First Responders
DHS and Canada Team Up to Develop Resources for First Responders From Chesley Brown International Risk Management Artificial Intelligence Meets Boots on the Ground to Improve Patient Outcomes The United States and Canada have joined…Read More
Supreme Court Decision Regarding the Privacy of Digital Data
Supreme Court Decision Personal Rights and the Expectation of Privacy in the Digital Age From Chesley Brown International Risk Management In Major Privacy Case, Court Rules Law Enforcement Must Obtain Warrant To Track Cellphone Data.…Read More