Cybersecurity & IP: Don't Let Hackers Grab Your Digital Assets
What can most companies realistically do to protect their valuable IP from data thieves?
Early Adopters Of Legal AI Gaining Competitive Edge In Marketplace
Sponsored
Is The Future Of Law Distributed? Lessons From The Tech Adoption Curve
Legal AI: 3 Steps Law Firms Should Take Now
The Business Case For AI At Your Law Firm
Navigating Financial Success by Avoiding Common Pitfalls and Maximizing Firm Performance
- Identify and Segment Your IP Data. Is your confidential know-how, key software development, or other highly sensitive IP assets commingled with the rest of your company data? Most companies don’t do so, thinking that password protection and file access restrictions are enough. It isn’t — vulnerabilities that permit hackers to access this data will provide access to all of it. By segmenting sensitive information into other virtual servers and further compartmentalizing it, you will make is far more difficult for hackers to get to that information in the first place. In many cases, hackers are simply trying to get to the data so that they can mine it for its value — by segmenting it, you make it harder to do so (and hopefully, easier to detect) in the process. The side benefit is that you also perform a mini due diligence on your IP in the process, leading to stronger IP assets as a result.
- Have a Written Information Security Program Addressing Your IP Assets, Too. At this stage, most companies with any significant data footprint should have a written information security program (WISP), but precious few of them address intellectual property separately. Any WISP should account, at a minimum, for highly sensitive confidential information as well as specific development data related to any products and services that requires IP protection. If you don’t know whether the information does, confer with qualified IP counsel to help identify it, and have them coordinate with the appropriate information security representative so that the WISP addresses steps to protect against cyber attack. In fact, the WISP should incorporate many more levels of intrusion detection and prevention so as to make the “crown jewels” of IP as difficult to access and as possible.
- Be Very, Very Careful With IP in the Cloud. The cost savings presented by software-as-a-service and platform-as-a-service can be significant, but so can the liabilities. I like the “cloud” and what it has to offer, but at this juncture, I cannot recommend that companies place highly sensitive intellectual property in the “cloud” unless it is encrypted and the security keys are monitored. Most state data breach notification laws provide for an encryption “safe harbor,” and when it comes to cloud-based services and your IP, encryption is critical. Although many cloud providers are offering increased security and even encryption, precious few of them are willing to shoulder the risk of a breach that results in IP theft. Don’t risk it — and if you have to — make sure you take appropriate steps to encrypt highly sensitive data and limit access to it.
Tom Kulik is an Intellectual Property & Information Technology Partner at the Dallas-based law firm of Scheef & Stone, LLP. In private practice for over 20 years, Tom is a sought-after technology lawyer who uses his industry experience as a former computer systems engineer to creatively counsel and help his clients navigate the complexities of law and technology in their business. News outlets reach out to Tom for his insight, and he has been quoted by national media organizations. Get in touch with Tom on Twitter (@LegalIntangibls) or Facebook (www.facebook.com/technologylawyer), or contact him directly at tom.kulik@solidcounsel.com.