When it comes to intellectual property, many companies don’t always appreciate the significant value embodied in such assets. Those companies that do take the time to understand and grow such assets enjoy increased value due to the enhanced intellectual capital. I know, I know — as an intellectual property and technology lawyer, you’d expect no less from me; however, there is a danger lurking in the shadows of the dark web that is targeting those assets with giddy abandon. Cybersecurity risk to intellectual property assets is real, and it is scary. It has affected IP transactions of which I have been involved, and will likely happen again. Even the most sophisticated companies with developed IP portfolios are either ignoring or failing to address this terrifying threat to IP capital, and they are doing so at their own (and their shareholder’s) risk.When developing an IP portfolio, most companies take the traditional steps to protect such assets. These strategies are familiar to most companies. For example, they may include executing appropriate non-disclosure agreements with development partners to maintain confidentiality, as well as assignment of patentable or copyrightable subject matter from non-employee software developers. In fact, there are many steps that companies should (and do) regularly take to ensure intellectual property rights are properly captured and vested in the company. These efforts are not insubstantial — they require an investment of time and capital that is designed to build overall company value. Unfortunately, all these efforts are for naught unless you shield these assets from “digital” prying eyes… and we have computers and information technology to blame for it.
The Trump Gold Card: A New $1 Million Pathway To A U.S. Green Card
A new proposal would let wealthy foreign nationals secure an opportunity for a U.S. green card with a $1 million 'gift' to the government, sparking legal and ethical debate.
Built on the computer technology boom of the 1980s and internet boom of the 1990s, the combination of computer processing and memory technologies together with leaps in high-speed communications has created ways for companies to harness and leverage improved technologies at lower costs. Unfortunately, these leaps in technology have also led to leaps in malware and hacking techniques, allowing bad actors to infiltrate, access, and steal valuable IP capital that was simply not possible or feasible 20 years ago. Truth be told, it is becoming easier for such IP assets to get into the hands of those who shouldn’t have it. For example, most companies will lock down highly confidential information with physical access restrictions and password protections on their premises, but if those employees with credentials to access such information do so remotely without additional authentication or even encryption, the company may be providing an “open door” to bad actors itching to get such information, allowing them to exploit vulnerabilities and copy the information without them ever knowing it happened.
Most companies outside of the Fortune 500 do not have the capital to plug every potential vulnerability, and even where they may, the Fortune 500 don’t do so. So, what can most companies realistically do to protect their valuable IP from data thieves? Sadly, there is no easy answer, and it is different for every company. Nevertheless, here are a few tips that every company holding valuable IP assets on its hard drives should take into serious consideration.
Why Your Practice Is Burning Money And How You Can Do Better
Our expert panel explores common sources of profit leakage along with practical steps for improvement.
- Identify and Segment Your IP Data. Is your confidential know-how, key software development, or other highly sensitive IP assets commingled with the rest of your company data? Most companies don’t do so, thinking that password protection and file access restrictions are enough. It isn’t — vulnerabilities that permit hackers to access this data will provide access to all of it. By segmenting sensitive information into other virtual servers and further compartmentalizing it, you will make is far more difficult for hackers to get to that information in the first place. In many cases, hackers are simply trying to get to the data so that they can mine it for its value — by segmenting it, you make it harder to do so (and hopefully, easier to detect) in the process. The side benefit is that you also perform a mini due diligence on your IP in the process, leading to stronger IP assets as a result.
- Have a Written Information Security Program Addressing Your IP Assets, Too. At this stage, most companies with any significant data footprint should have a written information security program (WISP), but precious few of them address intellectual property separately. Any WISP should account, at a minimum, for highly sensitive confidential information as well as specific development data related to any products and services that requires IP protection. If you don’t know whether the information does, confer with qualified IP counsel to help identify it, and have them coordinate with the appropriate information security representative so that the WISP addresses steps to protect against cyber attack. In fact, the WISP should incorporate many more levels of intrusion detection and prevention so as to make the “crown jewels” of IP as difficult to access and as possible.
- Be Very, Very Careful With IP in the Cloud. The cost savings presented by software-as-a-service and platform-as-a-service can be significant, but so can the liabilities. I like the “cloud” and what it has to offer, but at this juncture, I cannot recommend that companies place highly sensitive intellectual property in the “cloud” unless it is encrypted and the security keys are monitored. Most state data breach notification laws provide for an encryption “safe harbor,” and when it comes to cloud-based services and your IP, encryption is critical. Although many cloud providers are offering increased security and even encryption, precious few of them are willing to shoulder the risk of a breach that results in IP theft. Don’t risk it — and if you have to — make sure you take appropriate steps to encrypt highly sensitive data and limit access to it.
Whether we like it or not, the fact that your company is going to be hit by a cyberattack is not a matter of if, but when. This is a sobering reality for all of us (and especially those companies with trade secrets that need to keep these assets from unauthorized disclosure for fear of losing trade secret status). That said, all is not lost — most hackers are not nation states trying to get to your IP, and are actually looking for low-hanging fruit that strong security measures will help deter. You’ve worked hard to create your IP, so don’t forget to protect it in the digital domain with equal vigor — your investors and shareholders will thank you in the process.
Tom Kulik is an Intellectual Property & Information Technology Partner at the Dallas-based law firm of Scheef & Stone, LLP. In private practice for over 20 years, Tom is a sought-after technology lawyer who uses his industry experience as a former computer systems engineer to creatively counsel and help his clients navigate the complexities of law and technology in their business. News outlets reach out to Tom for his insight, and he has been quoted by national media organizations. Get in touch with Tom on Twitter (@LegalIntangibls) or Facebook (www.facebook.com/technologylawyer), or contact him directly at [email protected].