Bright ideas can lead your company down the path to success. But in the wrong hands, they can result in expensive losses and put your reputation and culture in jeopardy.
Intellectual property, those ideas that companies are built on, is undeniably valuable. But it’s often vulnerable to threats from inside and outside the business, including disgruntled employees, ex-employees and competitors. In these days of cybersecurity risks, it’s more important than ever to protect what’s yours.
What is intellectual property?
Intellectual property includes products of the mind, such as literary works, art and creative design, inventions, symbols, scientific discoveries – even ideas or concepts.
Three main types of laws protect it from unauthorized use by others.
- Trademark: Safeguards commercial identity or brand by discouraging other businesses from adopting a name or logo that is confusingly similar
- Patent: Exclusive rights granted by a sovereign state to an inventor or assignee for a limited period of time in exchange for detailed public disclosure of an invention
- Copyright: Protects original works of authorship fixed in a tangible medium, including literary, dramatic, musical, artistic and other intellectual works
Keep it safe.
Take a comprehensive approach to safeguard your company’s intellectual property.
1. Conduct a thorough security assessment.
To mitigate risk, take a good look at your current security methods, barriers and procedures. Are they up-to-date with the latest technology? Do you have policies in place to help protect the system? It’s possible you will need to hire an outside firm to evaluate your current state and goals.
This publication by the U.S. Department of Homeland Security gives more information about what you need to do to be sure your business’s information is secure.
2. Create a culture of commitment.
Train employees on cybersecurity threats, password use (setting up strong passwords, changing passwords frequently and the dangers of password sharing) and ways to mitigate risks. You might want to create a formal security role within the company.
It’s mandatory that management consistently demonstrates commitment to this culture of security by addressing it frequently in employee communications and modeling secure behavior, such as protecting passwords. Reinforce two-way communication between employees and management to allow effective implementation without compromising employee morale.
3. Get technical.
Be sure appropriate computer and data systems are in place to minimize risk.
- Encrypt information on company laptops and install GPS tracking technology.
- Install backup systems for internal and external servers.
- Review and regularly update software protections, firewalls and other protective mechanisms.
- Monitor systems to identify if intruders are attempting to gain entry.
4. Control access.
Restrict the use of flash drives, USBs and other devices that allow transfer of data. Limit access to personal email accounts or websites, as well as file-sharing websites like Dropbox and Google Drive.
Don’t allow employees to remove company information from the workplace. It’s a good idea to limit level and type of access to proprietary information based on role within the company.
If your company has multiple offices or hires off-site or remote employees, you will need systems to allow the secure sharing of information.
5. Hone HR practices.
Implement sound and consistent HR practices, including policies and procedures on the use of company computers, email, internet and other communication systems. Include language in employment agreements, policies and handbooks that addresses protection of proprietary information and intellectual property and the consequences for violations.
6. Manage the exit.
Companies are particularly vulnerable to intellectual property issues when an employee leaves – either voluntarily or involuntarily. Adopt a process that includes the following:
- Deactivate the employee’s access simultaneously with the exit meeting, or install identity software to prevent the employee from accessing work-related applications.
- Back up data before meeting with the exiting employee.
- Review an exit checklist with the employee to
- Immediately collect electronic equipment and erase company data from personal devices.
- Collect access badges, key fobs, keys, etc.
- Go over the company’s policy on protection of proprietary information and intellectual property.
- Secure the employee’s acknowledgment of the policy.
- Review work habits of former employees immediately after they leave to determine actions, such as information downloads, systems used and applications accessed, during the 90 days prior to leaving. If you find something suspicious, contact your legal counsel about next steps.
7. Know the law.
Even though your intentions are to safeguard your company’s intellectual property, care must be taken to not compromise employee rights without knowing it.
Some states require the disclosure of workplace monitoring. In addition, carefully review your policies and procedures to ensure they don’t violate the National Labor Relations Act (NLRA), Electronic Communications Privacy Act (ECPA) or the Fair Credit Reporting Act (FCRA).
8. Plan for the worst.
Although you hope you’ll never have to use it, it’s a good idea to develop a detailed plan to deal with a possible data breach. Be sure you have back-up systems in place and a communication strategy.
Review and update your plans annually. Consider conducting periodic fire drills, in which efforts are made to access the system without proper access, to practice your plan.
Action may be possible.
If data is stolen or misused, first assess the impact to your business and employees, as well as your customers. A publicly traded company may have an obligation to issue a public announcement. Regardless, it’s best to have a communication plan ready to respond to questions from employees and/or customers – and possibly the media.
In addition, you may have grounds for legal action against the former employee. Depending on the scale of the incident, it could be considered a state and/or federal offense and result in prison time for the offender.
Small businesses that do not have dedicated security roles can contact the National Cybersecurity Alliance for additional information on security checkups and tools.
Need more information about keeping your business safe? Download our free e-book, Employment law: Are you putting your business at risk?