 Industry estimates of intellectual property theft costs range from $250 to $300 billion along with an estimated 750,000 jobs per year. These types of losses make it important to consider securing IP protection, whether you're a major corporation or a small business. As the name suggests, intellectual property is the intangible property arising from intellectual creation. Since intangible, intellectual property cannot be protected with a fence or a security guard as most capital assets can. Intellectual property (IP) includes information, creations, designs, processes and technological know-how that can be somewhat secured with patents, trademark registrations, and copyrights.
However, ideas, client databases, accounting records and other intellectual property often cannot be copyrighted or patented. Instead, they are protected by non-disclosure and confidentiality agreements. Trade secrets can be patented or copyrighted if they meet the essential two criteria; first, you have a "unique" idea or formula that has distinguishable characteristics or properties to differentiate it from others, and second, that you can demonstrate you are taking effective safeguards to protect it from unauthorized use.
Since the foundation of commercial power in the west has shifted from capital resources to intellectual property, intellectual property is the central resource for creating wealth in almost all industries. As a result, companies have been called on to place a monetary value on intellectual property for some of the following purposes:  Transaction Support, Bankruptcy, Licensing, Strategic Alliances, Infringement Damages, Inter-company Transactions, Collateral-Based Financing, Accounting Requirements, Regulatory Requirements, and Ad Valorem Taxes. Most companies now use standard formulas for determining monetary value on intangibles from process patents to “good will.” Unfortunately, once real dollar values were applied, intellectual property captured the attention of pirates and organized crime. Today, piracy, counterfeiting, and industrial theft of intellectual property pose a serious threat to all U.S. businesses.
The Internet, while part of the rising theft problem, has shown us how vulnerable intellectual property can be. Now, intellectual property moves instantaneously and globally. Once the mouse clicks to send a document, that document can be removed from your control. Except for the intellectual property legal structure that is in place to enable you to retain rights to this creation and exploit it yourself, you are totally at the mercy of the cyber-world where information and creation theft is a sport and a business. And, on-line there are fine lines in that intellectual property legal structure that is supposed to protect you. One of the buzzwords in the technocratic world is convergence. What exactly is convergence in terms of intellectual property? Well, the difference between a telephone and a camera was once very clear. Now a cell phone can function as a camera, so all of the intellectual property connected with “telephone” (patented and unpatented technology, copyrights and trademarks) was separated by commerce and fields of use from all of the intellectual property connected with cameras. Now, we have convergence which muddies the waters a bit.
So, what are the major threats to your intellectual property and how to you protect it? Industrial espionage, theft, and employees (disgruntled or careless) are ways by which IP can be compromised or stolen. You might think most of the threats to your intellectual property are external theft, but most intellectual property is lost or stolen in the same ways: insecure IT systems and employees. And the biggest external threat comes from social engineering. With this information, a comprehensive protection plan can be developed.
Insecure IT systems and employees overlap in terms of security. First, every company should have some type of confidentiality or non-disclosure agreement signed by all employees; these tools are also a must when dealing with third-party vendors who need access to your information. Also, all intellectual property on computers should be encrypted. Most importantly, every company should have clear and enforced IT Security Policies and Procedures. In the discussion of these policies and procedures, note there is a difference between a policy and a procedure because these terms are often used imprecisely. A policy is a set of rules reflecting the organization's beliefs or goals, and a procedure outlines how people should act policy out or the precise steps/tasks/actions to be taken to accomplish the company goals. For example, a policy might be, “The Company will protect all confidential and proprietary information housed on the company intranet.” One of the procedures for that policy might be, “Employees will change their passwords every six months and may not repeat a password already used.” Another procedure might be, “Passwords must be at least eight (8) characters and contain at least one (1) number and one (1) symbol.”
 Since there have been several cases in the last decade concerning intellectual property and email, particularly, employees sending to their personal email or to someone outside the company, all IT Security Policies and Procedures should cover email usage and what company information can be sent via email. But, the best IT Security Policies and Procedures written do you no good if your employees do not get copies and recurring training. The Policies and Procedures should be regularly updated as technology and policy changes, and employees should be formally trained on updates.
Of course, IT security can’t stop employees from discussing a project at a cocktail party or talking to one person, while someone else eavesdrops or takes a peek at one of the employee's laptop screen, or from inadvertently putting proprietary intellectual information in a published paper in field-related research. What can help to diminish the risk in such cases do some training where employees become aware of the personal impact of losing IP belonging to their company. In other words, talk about how many jobs are lost each year as a result of IP loss.
As far as the external threats, the most common kinds are hacks, social engineering penetrations (people calling in and posing as someone else) and exploitations of employee knowledge which are usually perpetrated by competitors or someone hired by competitors. The most effective way to combat the last two of these is once again employee training. Corporate espionage and competitive intelligence probes are not always just the fantasies of movie script writers, but a real threat to the security of your company's intellectual property, but the proper precautions and employee training go a long way in protecting your intellectual assets. |
