By John Hurley
There are 318.9 million people in the United States and their collective creativity is one of the most economically beneficial assets in the country.
That collective creativity, when funneled into a commercial purpose is called intellectual property (IP). Just as valuable as physical property, the protections of IP, called intellectual property law, help to fuel innovations in the United States. With these protections, inventors and creators feel confident manufacturing and sharing their ideas with the world.
While this system has worked reasonably well for the last 200 years, the rapid pace of technology—and those who exploit its weaknesses—has made intellectual properly more vulnerable to compromise than ever.
There currently exists a contract between the U.S. and Chinese governments (the latter an ever-present threat to U.S. IP). Ideally, this contract is supposed to stanch the unauthorized and illegal flood of IP to China and minimize the billions of dollars lost to these sanctioned cyber security attacks.
However, since the 2015 agreement, not much has changed. Chinese hackers continue to target corporate IP, stealing secrets and pricing data from United States Steel Corp and wriggling their way into remotely controlling a Tesla Model S. It appears that the problem with China is not going away.
This article is not intended to get into U.S.-China cyber security relations, but to make business owners and corporate leadership aware of just how much of a problem IP theft has become in this digital age we live in.
Keep reading and you’ll learn the basics of intellectual property, the law that protects it, and what companies can do to fight back against those who seek to harm via the theft of valuable IP.
What is Intellectual Property
“Intellectual property, in broad terms, means the legal rights which result from intellectual activity in the industrial, scientific, literary and artistic fields.” -- WIPO PDF
First let’s explain what intellectual property is. Intellectual property has been described as “creativity of the mind (link to WIPO),” which, in layman’s terms, means ideas, inventions, formulas, methods, manufacturing procedures and any other ideas specific to a creator or company that is used for commercial purposes.
In order to protect these items, we have intellectual property law. The four main branches of intellectual property law are:
Let’s break each of these down into their descriptions, what they cover and what legal protection IP holders have.
A trade secret is very valuable to a company, not just for the trade secret itself, but for everything that accompanies it. Until recently, trade secrets were not covered by federal law. Rather, they have historically been overseen by state legislation and are protected upon registration.
A trade secret has two essential parts and it’s important to understand these two distinctions—the second is vital for nearly all intellectual property:
- A trade secret must be unique and proprietary and give one company an edge over another company’s product or process. It must also be, of course, a secret;
- A company must do its best to protect the trade secret. Trade secrets (and all IP) must be protected to the best ability of the company or individual that owns the secret. And, when threatened, the IP must be defended or it will be lost.
This is true for most IP, if you don’t protect and defend it, you are often at risk of losing it. At the very least, you could find yourself taking part in a very expensive legal battle.
A copyright is the one legal protection that is immediately bestowed upon the creator once their work is in a tangible form. While a copyright is automatically granted to a work like a book or computer program, it is up to the creator to defend that work. Copyrights don’t have to be registered, but it is recommended, especially if the owner of the work will ever need to file a lawsuit for it.
The first patent was filed in 1790 by a man named Samuel Hopkins. He was seeking patent protection for a process that he invented to make a fertilizer ingredient called potash.
While they sound similar, patents are far different from trade secrets.
First, a patent gives the right for the patent holder, and only the patent holder, to manufacture their product for a period of 20 years; after that, anyone can use the plans to create the product.
Second, when patents are filed, they must include the inventor’s detailed plans and be made publicly accessible.
You see trademarks every day; from the Nike Swoosh on your shoes or clothing to the colors of a college or professional football team’s uniform (see: Texas University, Pantone color #159).
For something to become a trademark, it must be both used in commerce and it must also be distinctive. Once it’s accepted as a trademark, the owner has exclusive rights to it.
LaCoste, a brand that’s been around for several decades, has had its share of trademark troubles. In the 1980s, it was overshadowed by the Izod brand and took nearly a decade to recover before rising back in popularity to the high-end brand it is today. As well, it’s a brand that is forever being bombarded with copycat and lookalike brands trying to take a slice of its market.
What Does Your Intellectual Property Look Like?
Identifying Your Intellectual Property
According to Vikas Bhatia, the founder and CEO of cyber security firm Kalki Consulting, says businesses need to think more critically about the information that drives their specific business and how to protect it. For instance, according to Bhatia, companies will often protect their credit card data but they will be remiss in monitoring how a third-party vendor connects to their network.
This is exactly what happened to Target, who suffered a major breach in 2013 because a small Pennsylvania-based heating and air conditioning firm they worked with had been infected with malware. Using credentials snagged in the breach, they were able to access Target’s network.
“The first thing to do is have someone take a look at your organization and work out what data drives the organization.” says Bhatia. “Where is that data coming from? What you do you once you have it? Where does it go? Are you giving it to certain parties?”
This is just a start to identifying your intellectual property. Since many hacks are opportunistic, it’s vital to identify all of your essential and important data before a breach happens, whether it’s in-house or with a cyber security consultant. Being proactive to protect IP now will very possibly keep your business from losing everything.
The Value of IP
Most successful companies understand the inherent and actual value of the IP they’ve identified. But there is another entity who values that IP for different reasons. Countries like the U.S. don’t just have IP laws to protect creators, but to protect that creativity.
The theory is such that if the government stands behind these creators and their work, it will “encourage fair trading which would contribute to economic and social development,” says the World Intellectual Property Organization -- WIPO
According to a recent article in Forbes, the value of the IP in the United States is greater than the GDP of any other country, with the exception of China. Looking to the Intellectual Property and the U.S. Economy: 2016 Update, there are 81 industries that are “IP-intensive” and these industries alone accounted for 29.7 million jobs in 2014, as well as $6.6 trillion in added value. Not to mention the $115.2 billion brought in from licensing alone.
What are these IP-intensive industries? They are industries that have a large amount of business or employment related to either patents, trademarks or copyrights. Trademark-intensive industries are the largest under the IP umbrella and provide 23.7 million jobs. These industries add to the GDP of the U.S. by providing a large portion of the total imports and exports of the U.S. Pharmaceuticals and medicines export $54.5 billion in merchandise, while software publishers are the highest of the service-providing industries with $22.7 billion in exports.
What is Intellectual Property Theft?
Spoiler alert: once your IP is stolen, it’s gone.
IP theft affects every business. However, for those small-to-medium businesses that specialize in one product or a specific area, the theft of their IP can be devastating. What are the most common methods of IP theft?
Contributors to IP Theft
It’s likely impossible to count every instance of employee negligence contributing to data leaks and breaches, but it happens all of the time.
As Bhatia sees it, there are two different types of internal threats. The first is unintentionally malicious, where employees are negligent, for instance, not thinking when clicking on links in emails that contain phishing attacks or sending spreadsheets containing sensitive financial data to their personal computer to do some work at home.
Bhatia says, “What that means is, I could be lazy. I don’t have the intent to bring harm to the organization, but the end result is malicious activity.” Without proper training, employees may not even be aware they are engaging in Shadow IT or social engineering scams and therefore putting the company at risk.
The second threat can be malicious with intent. This can encompass employees downloading proprietary data to intentionally transfer it to a competitor or other business partners planning to turn on each other by taking their IP and starting a new venture with it, thereby cutting out the other partner. According to Bhatia, malicious intent via trusted insiders does happen, but less frequently than unintentional malicious events.
Your IP as the Intentional Target of Hackers
Intentional hacks are the hacks we often hear about in the news. They involve the hackers that are intentionally targeting the IP of corporations and businesses—whether government-ordained, criminally-minded or just a handful individuals with malicious intent.
Who’s after your IP?:
70% Individuals / Small Groups
20% Criminal Organizations
5% Cyber Terrorists
4% State Sponsored
Source: Easy Prey, pg 34
Hackers can have different motivations. Some, known as hacktivists, believe in social justice causes and are able to pool together individuals and resources to attack targets. Others try to hack into targets because they want to see if they can do it. Hackers like the Hired Gun even offer their hacking services on the dark web.
These are only a handful of the types of hackers, but knowing their motivations can get you a step ahead in protecting your IP. Now that we’ve covered some types of hackers, let’s talk about what can be done once your intellectual property has been exposed to an outside party.
Oh, the Humanity: What Can be Done When Your IP is Gone
In short, not much.
If you have taken steps to protect your intellectual property, like registering copyrights, creating confidentiality documents and policies around trade secrets and securing your IP to the best of your ability, you have a better chance at lessening a data breach or theft and the damages that could follow.
“My recommendation to businesses is really two-fold. One, what are your legal protections and two, what are your technological protections,” says Anthony M. Verna III, attorney-at-law and managing partner at Verna Law, P.C. “Make sure you work with not just the law firm but with an IT company.”
For those who discover that their IP has been breached and stolen, there’s not much that can be done, says Verna, “The problem is that once it’s out of the bag, it’s out of the bag, even from a legal standpoint.”
What can be done, Verna advises, is to seek punishment internally in the form of monetary damages for those who have intentionally or unintentionally let business secrets out.
These types of punishment will be civil, not criminal, meaning you can’t exactly send the former or current employee to prison for their wrongdoing. “Whether somebody hacks your network and steals your trade secrets or is an employee who steals trade secrets, there’s not much of a civil difference there,” says Verna.
If you need to prosecute a trade secret theft from a criminal standpoint, a business will need to consult with the FBI. At that point, you’ll file a report with them and they will run with the case. However, that doesn’t guarantee justice.
How to Protect Your Intellectual Property
Basic Strategies to Protect Your Intellectual Property
Technical safeguards may take a while to implement, but what can you do right now to safeguard your IP? If you are looking for a few things you can do immediately to combat intellectual property theft, check out the steps below.
Setup an IT Employee Exit Checklist
Educate Employees About Internet Risks
Create Usage and Internet Policies
Setup Remote Access Policies and Education
Device Upload and Download Procedures
Backup Anything Important
Double Check Access Permissions
Not all of these suggestions are technical, so they may be easier to implement by non-tech staff. If you are concerned about the cost of the technical suggestions, don’t buy what you don’t need, but do make sure you choose tools that employees will use.
The more we can do to secure our IP, the more we can minimize these attacks recurring. If you’re even a little bit worried about your IP, now is the time to take action.
About John Hurley
John has over 18 years of Internet software and leadership experience. Prior to starting SmartFile, John was president and co-founder of Webexcellence, one of the largest web development firms in Indianapolis.