James Martin, Partner at DMH Stallard and one of the UK’s foremost legal experts in the field of IP, has set out below 10 key considerations for how business owners should protect their intellectual property and particularly their commercially sensitive confidential information, knowhow and trade secrets.
Protecting intellectual property (IP) and confidential information is a huge challenge for businesses. From cybercrime to human error, it can be very difficult to keep IP and confidential information safe in today’s world.
Most businesses will possess confidential information in one form or another and, in the 21st Century, all businesses are operating in an environment plagued with sophisticated attackers. IP and confidential information are notoriously difficult to protect, so businesses should develop a security-conscious culture and focus on raising and maintaining awareness of the changing threat landscape among their employees and third parties.
Here are our Top 10 Tips to help you protect your business’ IP and confidential information:
1. Educate employees. Employees must understand the importance of information security and we recommend developing appropriate policies so that responsibilities are clear;
2. Implement an on-going awareness programme. The threat landscape changes constantly so it is important your employees understand new threats, particularly those that can target them directly, for example social engineering;
3. Implement and enforce a stringent password policy. This will help prevent unauthorised access to systems operated by the business. Ensure all employees use strong passwords of a reasonable length with varying characteristics, i.e. numbers, letters, and special characters, and, to make passwords more difficult to guess, do not permit employees to use personal information in them;
4. Operate a clear desk and clear screen policy. Avoid the risk of documents containing confidential and sensitive information falling into the wrong hands;
5. Implement “defence in depth”. Layer your security, particularly with your most sensitive or confidential data, so that even if one layer of security is compromised there are still other layers to prevent unauthorised access;
6. Regularly review and investigate logs/alarms. Look for suspicious and unauthorised activity and consider implementing Security Incident Event Management (SIEM) software to automate the log analysis process;
7. Implement a “Data Loss Prevention solution”. One of the biggest threats to IP and confidential information is employees. Protect yourself from this insider threat with a solution that prevents users from sending certain data to an external source and that tracks and monitors prohibited data movement;
8. Only grant the minimum access required. Restrict access to sensitive and confidential files, authorising it only where it is essential for an employee’s role, reviewing access permissions regularly and removing access when it is no longer required;
9. Include appropriate IP and confidentiality terms in employees’ contracts. Protect your IP and data and outline the consequences of failing to do so; and
10. Disable employee access to sensitive information upon resignation.