Your ‘Intellectual Property’ Needs More Than Legal Protection

Intellectual property, those ideas that we strive to build companies on, are undeniably valuable. But it’s often also vulnerable to threats from inside as well as outside the business, including unhappy employees, ex-employees and competitors. The Office of Australian Information Commissioner reports on notifiable data breaches where the Healthcare sector leads others by numbers of notifications. Interestingly, those breaches have been perpetuated by not only bad third party actors (Script Kiddies, Criminals, Hacktivists, State Actors), but also by simple internal human error. With data breach risks, it’s more important than ever to protect what you’ve often spent years building.

What Is Intellectual Property?

A common definition of Intellectual property includes products of the mind, such as literary works, art and creative design, inventions, symbols, scientific discoveries – even ideas or concepts.

Three main types of laws protect it from unauthorised use by others.

• Trademark: Safeguards commercial identity or brand by discouraging other businesses from adopting a name or logo that is confusingly similar.
• Patent: Exclusive rights granted by a sovereign state to an inventor or assignee for a limited period of time in exchange for detailed public disclosure of an invention.
• Copyright: Protects original works of authorship fixed in a tangible medium, including literary, dramatic, musical, artistic and other intellectual works.

However, these are usually only enforced at the end of the development cycle. As you invest millions into research and development, how are you protecting your developing intellectual property? Your data may also contain personally identifiable or financial information that is just as valuable.

Keep It Safe

Take a comprehensive approach to safeguard your company’s intellectual property.

1. Identify and Classify your data

The first step to protect any data is to know what your data is and how it is stored. Some of the questions you might ask are:

• Do we store customer details?
• Do we store transaction details including payments?
• Do we store clinical data / lab results?
• Is stored data subject to compliance requirements?

2. Conduct a thorough security assessment

To mitigate risk, take a good look at your current security methods, barriers and procedures. Are they up-to-date with best practice or recommended controls?

3. Create a culture of commitment

It’s often said that, “In the People-Process-Technology mix, the weakest link is the ‘People’ of an organisation”.  User awareness of cybersecurity threats are important to avoid unintended breaches and data theft. A culture of care and practice for data security would need to be demonstrated and applied at all levels.

4. Get technical

Be sure appropriate computer and data systems are in place to minimise risk. A host of measures may be taken from encryption of critical data to disaster recovery systems, to monitored systems. What you can’t monitor you can’t protect! Data is everywhere and the perimeter is not what it once was. A firewall on its own will not do the job.

5. Control access

Restrict the use of flash drives, USBs and other devices that allow transfer of data. Limit access to personal email accounts or websites, as well as file-sharing websites like Dropbox and Google Drive.

Don’t allow employees to remove company information from the workplace. It’s a good idea to limit level and type of access to proprietary information based on role within the company.

6. HR practices

Implement sound and consistent HR practices, including policies and procedures on the use of technology and communication systems. Ensure employment agreements, policies and hand-books addresses protection of proprietary information, intellectual property and explains clearly the consequences for non-compliance.

7. Manage the exit

Companies are particularly vulnerable to intellectual property issues when an employee departs. Adopt suitable process that ensures data access privileges are shut down across previously available touch points and data exfiltration or tampering is prevented.

8. Know the law

Even though your intentions are to safeguard your company’s intellectual property, care must be taken to not compromise employee rights without knowing it.

9. Plan for the worst

Although you hope you’ll never have to use it, it’s a good idea to develop a detailed plan to deal with a possible data breach. Be sure you have back-up systems in place and a communication strategy.

Review and update your plans annually. Consider conducting periodic tests of those back-ups and recovery processes.

Communication Plan

If data is stolen or misused, first assess the impact to your business and employees, as well as your effected parties.  You may have an obligation to issue a public announcement and relevant notifications. Regardless, it’s best to have a communication plan ready to respond to questions.

It’s Not As Hard As You Think

Let us do the heavy lifting for you.  Protecting your data securely from creation to usage should not be treated as a limiting factor. In fact, we view it as an enabler. Bringing together the best in security technology and expertise lets your organisation flourish, without ever feeling restricted.