Intellectual property is often among an organization’s most valuable assets, yet it’s also vulnerable to threat and compromise, particularly the vast amounts of intellectual property stored electronically today. Intellectual property can take many forms, from general knowledge about a company’s operating processes to creative works that an individual or company creates. Protecting intellectual property is a top priority for today’s organizations, because a breach that compromises IP might mean that your knowledge assets are in the hands of your biggest competitors – and in many cases, it’s your intellectual property that gives you a distinct competitive edge.
So what can today’s enterprises do to protect their intellectual property from threat and compromise? To gain some insight into the latest techniques and methods for securing IP, we reached out to a panel of security professionals and intellectual property attorneys and experts, asking them to weigh in on this question:
“What are the best ways to secure intellectual property against loss or compromise?”
Read on to discover what our experts reveal about securing intellectual property. Click here to jump to TayganPoint’s response.
Gary Smith is a member of the Corporate Department of Boston law firm Posternak Blankstein & Lund, and chairs its Intellectual Property and Technology Practice Group. His practice includes protecting and licensing intellectual property, negotiating and drafting Internet-related agreements, counseling clients on technology and e-commerce matters, franchising, and general corporate representation. He also handles complex litigation, including patent infringement, trademark and copyright actions.
“For certain intellectual property…”
The grant of a legally enforceable ownership and right of exclusivity can be obtained in the form of a patent in exchange for public disclosure of the protected intellectual property. For other forms of intellectual property, such as trade secrets and know-how, the inherent value to an owner is entirely dependent upon maintaining secrecy and protecting against loss or compromise. Examples can include source code, formulations, methods and processes.
These types of intellectual property are vulnerable to loss or compromise from both internal and external sources. Internally, trade secrets and know-how must be protected against disclosure, deliberate or otherwise, by the company’s employees. The first line of defense is to limit disclosure of vulnerable IP only to necessary and key employees and to restrict access or usage to this core group. In some cases, access can be further restricted so an employee can utilize or access only a portion of the protected know-how. Other important steps include use of non-disclosure agreements with employees, implementation of methods to monitor and be aware of disgruntled employees, and careful tracking of unauthorized or unnecessary access attempts.
Intellectual property can also be subject to loss or compromise from external sources. Cyber-attacks and system hacks are primary external threats. Intellectual property owners should make sure that tight security protocols are in place for all computer systems, including use of firewalls, security monitors, intrusion detection systems and intrusion prevention devices, among others. Trade secrets residing in computer systems can also be protected with encryption technologies or by limiting storage to computer systems that do not have external internet connections. Companies that seek to secure intellectual property residing on computers should view the servers holding such assets as the modern day equivalent of a safe, and take action to make it as locked-down as possible.
Trade secrets and know-how can also be vulnerable to loss or compromise through business partners. To prevent this, disclosure to partners such as contract manufacturers should be limited. Key components may also be sourced from different suppliers so that only portions of relevant intellectual property are disclosed to any one entity. Finally, disclosure should be carefully evaluated and limited in jurisdictions where judicial protection of intellectual property is less stringent.
Roger Johnston @RbSekurity
Roger G. Johnston, Ph.D., CPP is CEO of Right Brain Sekurity, which does security consulting and vulnerability assessments. Previously, he was head of the Vulnerability Assessment Teams at Los Alamos and Argonne National Laboratories (1992-2007 and 2007-2015). He is Editor of the Journal of Physical Security and author of ~200 papers, 11 patents, and 90+ invited talks.
“Protecting IP is usually more about the carbon than the silicon…”
Here are some useful things to do that are little more than common sense, but that few organizations consider or do well. (As Voltaire said, the problem with common sense is that it isn’t all that common.)
- Identify what is really in need of protection and why. If everything is classified, then nothing is. Out of a sense of ego or unwillingness to do the analysis, a lot of companies and organizations overprotect information that simply isn’t all that valuable to competitors, adversaries, or foreign governments. This wastes security resources and diverts attention from the real security that is needed.
- Continually remind your people with access to sensitive IP what to protect, why to protect it, how to protect it, and the potential consequences to the company (and them) if it escapes.
- Make sure your people without access to IP know what to do if they inadvertently come across IP needing securing.
- Limit the number of copies of sensitive IP and strongly encrypt it if is going into the outside world, such as on laptops.
- Deploy effective insider threat countermeasures. Particularly focus on disgruntlement detection and mitigation techniques. There are many motivations for an inside attack, but disgruntlement is one of the easiest to address. Treat all employees and contractors well (not just “fairly”), especially those with sensitive IP access and those who have been terminated. Have fair, effective, and widely used grievance and employee assistance programs.
- Legally and vigorously prosecute industrial espionage; don’t cover it up. You want to send the message that it will not be tolerated.
- Have role-based access privileges that are frequently reviewed and that are changed INSTANTLY with promotion, re-assignment, termination, re-organization, need to know, or other changes in employment status.
Brian Kirkpatrick @Software_Lawyer
Brian Kirkpatrick is a business and technology attorney who focuses his practice on intellectual property, technology, privacy, and cybersecurity law.
“The best ways to secure intellectual property against loss or compromise are…”
- Determine the IP assets of the business, where the assets are located, license and renewal terms, and any filing or renewal requirements.
- IP assets should be categorized as to the sensitivity. Sensitive IP assets should be managed only by those with a need to know.
- Proper policies and procedures tailored to the business should be implemented. The paper alone is not sufficient without training and enforcement.
- Internal security and asset management systems should be implemented to allow managers to control who has access to specific information. Also, logs should be maintained in the event of a breach. System alerts should also be implemented that notify system administrators of anomalous or unauthorized activity.
- Vendor contracts should be negotiated with sufficient requirements to manage IP held outside of the business with companies such as law firms and other suppliers.
Michael Fimin @TrueCalifornian
Michael Fimin is the accomplished expert in information security and the CEO and co-founder of Netwrix, the IT auditing company providing software that maximizes visibility of IT infrastructure changes and data access. Netwrix is based in Irvine, CA.
“First, effective data security strategy starts with defining…”
Which information you need to protect in the first place. Would it be necessary to secure any patents, prototypes? Do you store any creative work, like books, paintings or drawings, or other copyright property and do you monitor who has access to it? Prioritize your data and segment it, this will help you make better data management decisions and help you refine your security procedures.
Second, remember that there are two major types of cyber threats: those that come from the outside and from the inside of your IT networks. Make sure to enable technologies to distinguish adversaries’ activities at the earliest stage possible and close the doors before the data is compromised. The same comes to disgruntled employees or third-parties that have access to your sensitive data and may harm your business – for example, posting personal details of your employees at some darknet forums.
The two things above require a common approach – complete visibility into the IT infrastructure, allowing to understand what is going on across critical systems and applications, e.g. who did what, when and where, and who has access to what in order to ensure data security and mitigate the human factor. Combined with user behavior analytics, visibility enables organizations to keep tabs on privileged user activities, spot anomalies or suspicious behavior, quickly identify the root-cause or threat actor account and respond to the attack before it leads to data loss.
More than 70% of IT professionals confirmed that visibility improves threat prevention and protection of critical data, as stated in the 2016 Netwrix Visibility Survey. As volumes of data stored and processed by organizations are growing, we can expect the technology to become more widely used and evolve further to meet ever-changing needs of businesses.
Isaac Kohen is the founder of Teramind and has over 15 years’ experience in helping companies in the financial sector protect their data. He is extremely passionate about providing organizations with all the analytics necessary to fully assess their workforce and identify insider threats.
“The best way to secure intellectual property against loss or compromise is… “
To use a product that allows you to to automatically detect and prevent users from taking actions that may endanger your IP. Organizations need to clearly identify actions that compromise their information, get alerted when these actions occur, and then have the ability to easily investigate. Actions can range from making password changes to admin systems to copying data to a USB – companies need to know exactly what happened. With the correct security solutions in place, companies can identify malicious users within the organization and prevent them from taking actions that can lead to a major data breach.
Patrick Henry @QuestFusion
Patrick Henry is the CEO of QuestFuion and former CEO of Entropic. Mr. Henry is a serial entrepreneur with over 25 years’ experience in managing high technology companies. As CEO of Entropic, he took the company from a pre-product and pre-revenue phase to a successful NASDAQ listed public company.
“There is not a single ‘silver bullet’ for securing intellectual property against loss or compromise…”
You need to use a combination of tactics that include:
- Trade Secrets
- Controlled Access to Proprietary Information
- Signed Proprietary Information & Inventions Agreements by All Employees and Contractors
- Internal Compartmentalization of “Building Block” Technologies
- Encryption of Data and Software
- Secure Servers
- Non-Disclosure Agreements with Outside Parties
- Selective Sharing of Key Information
Depending upon the intellectual property involved, you may use one or several of these tactics. You may also treat intellectual property differently depending on which country the IP is being developed, shared or deployed. It is not enough to understand international law; you must also understand culture and unstated policies that are practiced in different countries.
Brad Johnson @SyExperts
Brad Johnson is the Vice President at SystemExperts and has been a leader of the company since 1995. He has participated in seminal industry initiatives including the Open Software Foundation (OSF), X/Open, the IETF, and has published many articles on open systems, Internet security, security architecture, ethical hacking and web application security.
“There is an age old saying, ‘you don’t know what you don’t know.’ Interestingly enough, it is a phrase often associated with intellectual property loss or compromise because…”
Many organizations have not categorized or prioritized their data and in the face of an actual compromise can’t answer basic questions like “Exactly where do we house our critical intellectual property?” or “Who is in charge of that data and responsible for tracking it?” or “Why did it take so long to notice we had a problem?”
The first part of securing intellectual property is to clearly identify what data is important to track, where that data resides (both in use and at rest) and understand when people or applications are accessing it. This does not have to be a complicated process or require substantial resources to figure out. Start with the most important and obvious data and generate a clear understanding of ownership and usage. When you feel comfortable with that evaluation, move on to the next level priority of data and do the same thing. Like many things related to security, most issues have nothing to do with technology but rather human interactions and expectations and continuing to make incremental improvements over time.
Carl Mazzanti @emazzanti
Carl Mazzanti is the founder and CEO of eMazzanti Technologies, a premier IT security consulting firm throughout the NYC Metro area and internationally. A frequent business conference speaker and technology talk show guest, Carl has often contributed at Microsoft-focused events, including the Microsoft Worldwide Partner Conference (WPC).
“Of course, education is the best way to secure intellectual property…”
As humans are always the weakest link in data security. A security-first mindset must thoroughly permeate the organization. Secondly, an outbound message filtering solution protects corporate integrity by preventing the distribution of sensitive or proprietary information.
Thomas Papakostas is the Founder & CEO of R&D CORE Ltd, a high tech company outside of London. Before that, he was the VP of Technology for a high-tech company in Boston, U.S. He has extensive experience in developing and commercializing ground-breaking technologies with numerous patents and know-how in all forms of IP.
“IP can be lost or compromised by…”
An employee’s mistake, by theft, or by an infringing competitor. To secure your IP, first you need to limit access to it only to the people with the need to know and only to the information they need to know. This way no single person has all the info needed to make effective use of the compromised IP. Then all employees must be trained to follow the company’s IP protection policies; this implies that there is a policy in place. A culture of confidentiality and trust must be instilled on a continuous basis so that the policies become common sense. Further, the value of IP must be communicated within the company and reinforced with actual examples so that it is well understood and appreciated, given that it is intangible.
All employees must sign a Confidentiality Agreement with the company. To protect against theft, all IP must be kept in a secure place, preferably not accessible from outside the company. This means that CLOUD file servers and third-party storage space should be avoided. Furthermore, the IP can be stored in an encrypted form with at least one backup kept outside the building as a protection against the risks of fire or any other natural disaster. Likewise, on any interaction with an external partner, manufacturer or customer, there is a need for a Non-Disclosure Agreement. Again, the sharing of information must be limited to the absolute minimum needed to do business.
Finally and counter-intuitively, sometimes the best way to protect your IP is by NOT having a patent and opting to treat you know-how as a trade secret. A patent discloses all the information needed to replicate your IP with the assumption that you have a 20 year protection. In reality, the protection is limited only to the countries your patent has been granted in leaving all the other countries free to use your IP. Also, your patent application may not always be granted, or it is granted with a very limited scope. In the meantime your IP has already been fully disclosed in public and your competition can use it or easily work around it. A trade secret does not have a time limit and it is never disclosed in public. In conclusion, protect your IP by limiting access to it, encrypt it, make sure your employees are well trained and use common sense; the less your IP is exposed, the lower the risk of getting it compromised.
Christie Martins @themedicineinst
Dr. Christina Martins is Founder of The Medicine Institute and has a great interest in biotechnology startups and all new developments in the industry. After studying a dual medical/legal degree specializing in intellectual property and commercial law, she now consults for young startups while continuing her medical training.
“The issue with intellectual property is the fact that it is intangible…”
Therefore, the best way to ensure the security of your information is to have as much tangible evidence as possible. This can be achieved in various ways:
Patenting at the correct time:
The vast majority of people don’t realize that patenting too early can be a major mistake. It is best to try and have as much detail as possible because once a patent is published, it is public information. Once public, it only takes a few tweaks or improvements to have your idea stolen. While this is good for progress in general, it can be very damaging to your own product. On the same note, provisional patents should only be taken out if you are very close to being able to produce the finer details within the next few months.
Securing the patent under the correct authors/institutions:
This mistake is commonly made when it comes to employees in research institutions, and it can be extremely costly, especially when superiors begin to add themselves to your work. I have often seen the frustrations of younger inventors who have had a lot of credit for their work taken from them. At the end of the day, while institutions do have rights to intellectual work performed on their premises, if you have done a lot of the work yourself and off-premises, you can hold the rights exclusively. Most people assume just because they are an employee or faculty that for everything they do, even if it is away from work, they are forced to put their workplace in their patent claim. A good example of this might be a doctor working for a hospital who has made their own mobile application to help calculate patient medication doses; the doctor would still have exclusive rights to the application.
Keep a diary:
Documenting important dates, discoveries, and meetings and keeping a track of your paperwork are vital in cases where you might need to fight for your intellectual property. A diary also helps you when it comes to the patenting process. The information does not need to go into too much detail, but should always have the date, what information was exchanged, and names of the people involved.
These are particularly important if there are going to be many people involved in the process. If you are outsourcing some of your research, you have to give non-disclosures. Most people are apprehensive about giving these out due to courtesy, but it is vitally important in protecting your intellectual property, and at the very worst these provide insurance that legal action can be taken if the information is leaked.
Contracts can be used for many different purposes in securing intellectual property. They are useful for mapping out who will be involved with the work and who will take credit. Pre-planning, regardless of how tedious it may come across when you are on the verge of a discovery, does save a lot of time and headache later on. It safely paves the way when you try to do further legal work such as patents or business structure if your idea materializes into a business.
Secure a lawyer:
If you have a major discovery, a good patent attorney will save you thousands, if not millions in the future. I know it might be an effort to come up with the funds, but the results are definitely worth it. A good patent lawyer will be well versed in the local law and will be able to safely secure your intellectual property.
The most obvious – Going under the radar:
You may be very excited about your new discovery. It might change the world, save all the children from poverty, or even cure cancer! However, you have to be careful who you trust with your information. Usually people who aren’t directly involved in the process don’t need to know. As obvious as it sounds, too often I see people who have had their idea stolen over a lunch break discussion, and there is rarely anything anyone can do about it.
Ms. Childress represents companies and non-profit organizations, both large and small, in matters relating to employment law. Ms. Childress has litigated retaliation, discrimination, sexual harassment, non-competition, trade secret, unfair labor practice, and whistleblower cases before various tribunals. She serves clients in general business transactions with employees and independent contractors, drafting agreements such as employment agreements, consulting agreements, termination agreements, and confidentiality agreements. She also has experience reviewing and preparing employment handbooks and employee policies that are compliant with federal, state, and local law. Ms. Childress holds a Bachelor of Arts in Government and African American Studies from the University of Virginia and a Juris Doctor from the University of Virginia School of Law.
“Taking proper measures to protect intellectual property is critical for the longevity of any business…”
Best practices for businesses include:
- ensuring that all employees, independent contractors, and vendors enter into legally-sound confidentiality agreements;
- ensuring that intellectual property created by employees, independent contracts, and vendors is properly assigned to the company; and
- property training employees on the protection of intellectual property, including spear-phishing and other risks for data breaches.
Deborah Sweeney @deborahsweeney
Deborah is the CEO of MyCorporation, making it easy to incorporate a business or form an LLC online.
“The best way to secure intellectual property against loss or compromise is…”
To file for federal protection. This can be done with the U.S. Patent & Trademark Office or the U.S. Copyright Office, depending on the type of intellectual property. This gives you a record of ownership, proof of ownership dates and extent of coverage of your mark. It is always wise to take the legal steps to protect intellectual property because, when protected and federally registered, it can be a businesses’ most valuable asset.
Walter Stanton @scgincus
Walter is the President of the SCGI Corporation.
“I’m sure there are different answers with many twists to the question of how to best secure intellectual property against loss or compromise…”
However, it all comes to one basic concept which companies seem to let go: protect ALL channels in and out of your network. The data network security experts out there can go on for days about this firewall, these settings, double identifiers, etc., yet very few discuss how to stop intellectual property from leaving their premises through the voice channel.
As Voice over IP (VoIP) continues to grow in the market space along with its preferred medium of SIP (Session Initiation Protocol) trunks, it is leaving much of the most valued asset open for exfiltration to points of destination which appear to look like a phone call. This is accomplished by tunneling the data taken from the corporate network and embedding it into the voice media stream. This bypasses firewalls, and there is not a real solution with all the encryption and encoding in the world because it destroys the voice quality with this approach. This risk is becoming more and more prevalent as the clients are ditching their IP devices on the desk and using softphones (software, Jabber, IP Office, Genesys and others).
This process of extracting data over the voice media stream has been known as tele-stenography and has been around since VoIP became popular.
Robin Smith @CrowdCween
Robin Smith is the co-founder and CEO of WeGoLook. Her desire to bolster confidence in purchase decisions by online consumers led her to found WeGoLook, a crowd-sourced verification platform utilized across every industry. WeGoLook features a crowdsourcing platform of over 26,000 nationwide Lookers and 100+ employees in OKC.
“Often, when people hear the term intellectual property one of the first things that come to mind is…”
Patents. Of course IP comes in many forms with some of the most basic being that of internal know-how or trade secrets. The first way to ensure valuable business know-how is held within a company is to educate employees on what constitutes IP and the importance of maintaining confidentiality. A breach of proprietary process knowledge can happen as easily as a competitor calling in and asking first line support team members questions. Basic awareness among all team members can help prevent this to a large extent. Taking this a step further, every employee in a company should be presented with and sign a confidentiality agreement as part of standard on-boarding, which is something we implemented at WeGoLook.
Intellectual property protection pertains to more formal types such as creative works, trademarks, copyrights, technical work product, and patents. There are key steps to take and often agreements to establish to ensure intellectual property is recognized and ownership appropriately assigned. The steps required for each of the aforementioned types can vary and is reason to secure an experienced IP attorney for guidance. For example, if you have a business name and trademark you do not want others to infringe upon, you need to file a trademark for protection. At WeGoLook for example, we have proprietary software code to protect, so a copyright was filed. If it is unique enough in process, you might even want to file a patent. In any scenario, seeking guidance and balancing the risk/reward of when and to what degree you protect your IP assets is something every company must carefully consider.
Nick Santora @Curricula
Nick is the CEO at Curricula, a cyber security company that teaches other companies how to not get hacked.
“One way to protect intellectual property against loss or compromise is to use…”
Need to Know. This concept refers to only granting employees access to data that is necessary to perform their job. This helps lower the overall risk of unauthorized use or disclosure of sensitive intellectual property. An example would be limiting R&D files to the R&D team and other necessary departments, but not allowing the entire organization to have access to the sensitive files.
Charles Patterson @ExecTSCM
Charles Patterson is the President and CEO of Exec Security TSCM. Charles has been working in the security field since 1978 and formed his own company in 1995 providing TSCM security sweeps for corporations and high profile individuals.
“An area often overlooked by those striving to protect intellectual property is…”
Securing the communications surrounding the information. This could be protection from electronic surveillance of meetings, tapping of phone calls, even spying on written material. Technical Surveillance Countermeasures, or TSCM, is the work of inspecting or sweeping an area for the threat of electronic or technical surveillance.
Many major corporations conduct regular sweeps of boardrooms, offices, and other areas where confidential communication takes place, but many organizations, as well, have not yet considered it part of their information security program.
In the corporate security sweeps we have performed during the past twenty years, the majority of threats and devices uncovered came from internal perpetrators – someone within the organization. They may have been disgruntled employees, plants from competing companies, or even executives trying to get an edge over other executives in the corporation.
While it is true that most data is stored digitally today, it also begins as analog information – conversations, written material, observable procedures – all susceptible to electronic and technical surveillance of areas that are not part of the digital network. A program of protection of information assets would benefit from regular TSCM inspections.
David Gold is an Associate in Cole Schotz P.C. Intellectual Property and Litigation Departments. His intellectual property practice focuses on the counseling and representation of a wide range of individual and corporate clients in connection with the use and protection of their intellectual property portfolios including copyrights, trademarks, and patents.
“Although seemingly a simple inquiry on its face, the protection and enforcement of intellectual property involves…”
A complex web of interconnected considerations. For example, an intellectual property owner seeking to protect its rights must first consider the type of intellectual property it is seeking to protect (i.e., copyright, trademark, patent, trade secret, etc.) and whether the intellectual property at issue even qualifies for protection. If the idea, work or invention is indeed protectable, the next step is to consider the various means by which the work may be protected, for example on the state, federal and international levels. In addressing this prong, it is also important to consider the time and financial investment an intellectual property owner is realistically willing to make to enforce its intellectual property (for example, is the owner really willing and able to enforce its intellectual property in a foreign country). Yet another consideration is what the owner is actually concerned about, whether it be traditional infringement or actual theft through, among other things, hacking or reverse engineering. All intellectual property and intellectual property owners are not alike, and the answers to the above questions, among others, will allow an owner to craft an organic protection and enforcement plan that will accommodate its actual wants and needs.
Chris Jones @DisplayCentre
Chris Jones, of The Display Centre (UK) Ltd, business sells display equipment online. He has run this business for 12 years and before that worked in UK government for 20 years.
“The Display Centre has had a couple of designs/products for which we sought formal protection through a UK Patent and Registered Deisgn…”
We went through the application process and paid the requisite fees; neither of which were unduly onerous. Starting the process was sufficient to warn-off one competitor who agreed to purchase a licensing arrangement. But a much larger competitor took a much more bullish approach, just ignored our claim to holding intellectual property and promptly copied our work. I had a number of conversations with intellectual property experts and the message was consistent: protection is very expensive and very much depends on the holder of the protection having ‘deeper pockets’ that the party that is seeking to violate the protection. As a small business it is unrealistic for us to risk huge amounts of money trying to protect intellectual property when the validity of any case is likely to be so subjective. So, in our view, the best and only effective way to secure intellectual property is by using it as quickly as possible and exploiting it as fully as possible. Getting out there first can be easier for a small, nimble company and, as the saying goes, the early bird catches the worm!
Ray Young @RightsInMKT
Ray Young is CEO of RightsIn Marketplace, a global online marketplace that seamlessly connects buyers with sellers of intellectual property. The RightsIn team previously founded WebConcepts, Inc. and created software that revolutionized the way DVD distributions are planned and replenished to global retailers for major Hollywood studios.
“One of the most obvious ways of protecting intellectual property (IP) is…”
By registering it with the appropriate government office. In the United States, brands or logos (i.e., trademarks) and inventions (i.e., patents) get registered with the United States Patent and Trademark Office, while original creative works (i.e., copyright) get registered with the United States Copyright Office. A primary reason for registering an IP asset is to give constructive notice to the world of claimed ownership. In many cases, this will create a legal presumption of the identity of the owner of the asset and will help the content owner resolve disputes. It is also also prudent to monitor your asset through watch notices, alerts and the like.
A trademark owner, for example, may receive watch notices that provide information on new trademarks that may be infringing on the owner’s mark. IP owners may also receive alerts that advise them of potential counterfeits. Moreover, copyright owners will want to monitor the Internet to locate misappropriations and other unauthorized uses of their works. Difficulties in protecting one’s IP – and earning money from it – is actually why we launched the RightsIn Marketplace in the first place. One of the main reasons why IP is pirated is that it is simply not easy to purchase or license it. We’re aiming to help solve that issue with our new marketplace, giving content owners more control over their products.
Leila Amineddoleh @LAmineddoleh
Leila A. Amineddoleh is the founding partner of Amineddoleh & Associates LLC, a firm that specializes in all facets of art, cultural heritage, and intellectual property law. She is also a professor at Fordham Law School, St. John’s Law School, and New York University.
“The best way to secure IP against loss or compromise is by…”
Taking preventative measures, because IP infringement litigation is very costly and should be avoided.
For example, it is important for all collaborating parties to clearly demarcate ownership of the IP. If two people jointly create a work, they should have an agreement that specifies ownership: will one individual own the IP rights or will the rights be jointly owned? This is particularly important when IP is created in a work setting. It is very common for a company to claim ownership of all IP, even if a freelancer intended to only provide IP on a limited basis or as a license.
When creative work is commissioned, it is essential to complete the assignment under an agreement so that the IP creator is protected. Drafting an agreement prior to creating the work allows a creator to control the use of his IP. Besides contractual agreements, owners of IP should also register their works. There is a benefit to registering logos with the US Patent & Trademark Office (USPTO). Filing with the USPTO puts others on notice as to your mark and is a prerequisite to pursuing a trademark infringement litigation.
Jonathan Gossels @SyExperts
Jonathan is President & CEO of SystemExperts Corporation, a network security consulting firm specializing in IT security and compliance. Jonathan started the company in 1994. He plays an active, hands-on role advising clients in compliance, technology strategies, managing complex programs, and building effective security organizations. Jonathan brings a business focus to this multifaceted work balancing all technical initiatives with business requirements and impact.
“While organized crime and hostile foreign governments are clearly factors in data breaches and theft of intellectual property, the vast majority of instances are caused by…”
Human error, often with no ill intent. We see instances where someone trying to excel at their job copies payroll data onto a thumb drive to continue working over night at home. That data has now lost all of its required regulatory data handling controls.
We see it over and over that people just trying to do their jobs copy intellectual property out of its planned, structured, and controlled environments and put it at risk in the wild.
Corey Bray @Corey_SF
Corey is the founder and CEO of LegalNature.
“The most effective way for two parties to share proprietary information is through…”
A mutual confidentiality agreement. It prevents each party from disclosing each other’s confidential information or trade secrets to others or using it for their own benefit. This agreement uses a wide definition of Confidential Information and Trade Secrets to make sure each party’s proprietary information remains well protected. Additionally, the mutual confidentiality agreement will accomplish the following:
- Prevent the other party from reverse engineering proprietary information
- Require the parties to disclose any and all conflicts of interest
- Protect against the unauthorized disclosure and theft of confidential information or trade secrets by third parties
- Give the parties the option to include an arbitration provision as well as add fully customizable clauses that illustrate the full intentions of the parties
Tim Lea @TimothyLea2
Tim is the founder of Veredictum.io. Following a 20 year professional career in finance, Tim is now an entrepreneur in both the tech and film industries. He has combined these skills together to drive a Blockchain startup geared towards reducing piracy and theft. He is a regular speaker and trainer on Blockchain and strategy.
“Film theft and piracy, and the social media equivalent of ‘Freebooting,’ are serious problems facing global creative content producers…”
We are committed to our Big Hairy Audacious Goal of reducing video theft and piracy by 80 percent leveraging blockchain-based technologies at the core of the smart ownership and distribution platform we are currently developing. In order to hit our BHAG, we are approaching the piracy problem from two sides.
The first is from the ‘bottom up.’ We are developing the deterrent effect of digital fingerprinting videos directly linked to ownership data locked to the block chain. With our early stage proof of concept we are enabling videos to be tagged, identified and tracked.
The second is from the ‘top down.’ We are focused on making the customer experience easier by developing new, smarter, peer to peer distribution models that give the consumer the content, when they want it, how they want it, and at a reasonable cost without the ability to on-forward the original file.
While most of these models are in development and have some secret sauce, we have just launched our film script registration service that enables screenwriters to:
- Formally notarize their scripts and associated ownership details to the Bitcoin block chain,
- to securely store their scripts with two-factor authentication linked to the screenwriters’ smartphone to open the files, and
- the tracking of who has downloaded the source file.
Our next iterations will include such features as locking the actions of opening the film script to the block chain, providing irrefutable evidence that a file has been viewed.
Block chain technology is ideal for defining provenance through timestamping, and we are focused on suites of solutions to protect content producers’ Intellectual Property from inappropriate use.
Laura Schoppe @fuentek
Laura A. Schoppe is president of Fuentek, LLC, a consulting firm that provides intellectual property (IP) management and technology transfer services for leading university, government, and corporate decision makers around the world. A Registered Technology Transfer Professional (RTTP), Schoppe has an extensive background in all aspects of IP management.
“A lawyer once told me, ‘I can get a patent on anything’…”
This is a misguided perspective. Just because you can get a patent doesn’t mean you should, especially with the costs associated with patenting. Patent attorneys are concerned with their ability to secure the patent, so they will tell you whether or not they can get a patent issued. What they do not address (nor should it be expected of them) is whether the patent will lead to revenue generation or cost savings. If it does not, then only get a patent if it provides some strategic value to the organization. (Prestige for the inventor alone is not sufficient.)
When it comes to protecting your IP, you can never be too careful. Whenever possible, try to use non-disclosure agreements (NDAs) during discussions, even when they are preliminary. For investors who don’t want to sign an NDA, a very effective alternative is to talk about what the invention does rather than how it does it. For example, you can articulate your value proposition as: “Our product/service is for (target customers) who are dissatisfied with (the current market alternative) and our product/service is a (what is it) that provides (key problem-solving capability).” Not only does this approach protect your IP, but it also focuses on the value of the innovation. The innovation’s value is of much greater interest to investors than how you created it or how it works.
Similarly, discuss the portion of the market you will impact and how your pricing (or cost savings, etc.) will be different as a percentage change. By showing information as ratios, you are not revealing details. This level of information will be compelling enough for investors to decide whether or not they are still interested. If they are, then they will be more willing to sign an NDA to get the details.
Once we have determined that an idea is likely to have value, we often will start with filing a provisional patent because it is less expensive and provides up to a year before additional fees will be due to convert the patent (in the US and/or internationally depending on where the market is). During that year, the idea can be further vetted and refined with through direct feedback from the market to establish interest (which means future sales), either from customers or from potential licensees who will make the product. This incremental approach allows for just-in-time spending on patenting while verifying that you have something of value, and it lets you stop spending money on expensive patents if there will be no market for the idea.
Joan Walker @jcvwalker1
A Principal consultant at TayganPoint, Joan Walker has over 20 years of experience driving both business process and IT solutions to support global business strategies for large corporate clients. She is an accomplished organizational business and IT leader with proven ability to build, motivate and lead diverse global teams to achieve program objectives while aligning IT strategy with business goals. Joan leads TayanPoint’s IT Effectiveness Practice which focuses on helping our clients and IT leaders leverage opportunities to improve the value of IT to their organizations.
“There are several important methods for securing intellectual property against threats and compromise…”
- Secure remote access to your network. Today, working from a remote location is pervasive and while a mobile worker can increase productivity, it can also pose new security challenges. Ensure there is endpoint security for all business partners or third party vendors that have access to your network.
- Update your passwords on a 60-90 day basis across all users to ensure a higher level of protection. Your business will dictate how often this should be done. Insist on unique and challenging passwords (policy). Augment this with security questions that a user must setup when initiating a password. Also limit the number of attempts a user can try and disable or suspend the account after repeated attempts. This eliminates the risk of a computer attempting to access the credentials.
- Put procedures in place to keep your security current and address vulnerabilities that may arise. Ensure you have the latest virus protection software, and make sure to update and patch any third party software.
- Dispose of sensitive data securely and only keep as long as the business requires it to be kept. Proper disposal, e.g., shredding of personal, sensitive data in a timely fashion avoids risk of theft.
- Make sure you have monitoring software and personnel to understand who is attempting to hack your system/network. Depending upon the business, you may want someone dedicated to intrusion detection so that their full time job is to monitor any breaches of the network.
Jim Abbott @AshtonSolutions
Jim is the Sales & Marketing Manager for Ashton Technology Solutions.
“Small and medium sized businesses can take the ‘it won’t happen to me’ mentality when it comes to the question of theft of IP…”
As a result, they opt out of using some simple best practices such as implementing high quality firewalls or educating their staff on basic things like not sharing company data on hosted services such as DropBox, etc. What these businesses sometimes forget is that competitors in every field and in every country are looking for ways to gain an advantage. If they stumble upon or break into your network, you risk the competition gaining your client list, prospects, marketing plans, strategic planning documents, salaries, designs, etc. These are all intellectual property. Birkenstock this week stated they will no longer sell their products on Amazon.com because of the rampant theft of their intellectual property; The same happens to art designers, architects, engineering firms, manufacturing plants – all of your digital information is valuable to the competition in the US and abroad. No network is ever completely safe from threats, but high quality firewalls and a staff that is properly educated (i.e., spoofing, ransomware, phishing, acceptable usage) are a great starting point.
Len Kendall @LenKendall
Len Kendall is Vice President of Communications at Carrot Creative, The Vice Digital Agency. He has created several IPs including CentUp, Devil’s Advocate, and Cartegram.
“As someone who has had to defend my IP both from a patent and trademark dispute…”
The best piece of advice I can offer is that operators should be prepared to back their paperwork with dollars. In the U.S., IP battles often have less to do with paperwork, and more to do with who has more cash and time to fuel attorneys. If you’re someone who owns your own trademark and wants to stop others from encroaching, know that you’ll need to defend your IP. Whatever you spent to secure a document to protect your invention or idea, multiple that amount by 10 to pay for the legal costs to enforce it.
Ian Worrall @EncryptedLabs
Ian Worrall is the Executive Director of Encrypted Labs, Inc.
“The best way to store IP is on the…”
Blockchain. A company I know of called ascribe.io does this for art and has attracted over 40,000 artists in the past year, but it can be applied to any type of IP or proprietary information.
The Blockchain is a public and immutable open ledger system that is structured to provide provenance to any content creators. One information is stored on the Blockchain it is linked to the rightful owner and can easily be traced if unauthorized use occurs. It is also immutable, meaning the data cannot be changed in the instance of a hack.
Click here to read the article as it originally appeared in Digital Guardian.
Like what you read? Follow us on LinkedIn or Twitter for even more great content and ideas for how you can make strategy happen.