Hours of research and development go into producing a company’s unique intellectual property—making its IP one of the most valuable assets a business holds. As with any asset, it’s essential for a tech business to secure its IP using every resource available.
Considering the stakes, what can a tech company do to protect its IP? Below, 12 members of Forbes Technology Council share strategies tech companies should leverage to protect their intellectual property from both external and internal threats.
1. Focus on user control.
If it’s a tech company’s most critical asset, you focus your security, data protection and fraud controls around the intellectual property. Some strategies I’ve used in the past are around zoning (Zero Trust), identity (who has access, what they can do and how they are using it), good governance (check in/check out) and, finally, monitoring for any user doing something that’s “out of character.” - Lewie Dunsworth, Nuspire
2. Document and communicate policies.
Sometimes the most impactful strategies have to do with people, not technology. Start by covering the basics. Properly document and communicate policies regarding company information to all your employees and customers. These include whether the information may be shared or if it’s confidential and what can and cannot be taken by employees when they leave or their contracts terminate. Then move on to more advanced solutions. - Brent Yax, Awecomm Technologies
3. Ensure new hires share your values.
The best defense is a great offense, which means hiring people who share your values. Focus on the people, who they are, what makes them tick and why they want to join your organization. Background checks and reference checks can tell a story as well. Values drive character, and character protects your business and IP. - Ed Laczynski, Zype
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?
4. Have everyone sign an explicit NDA.
The very first step should always be the formally signed nondisclosure agreement. It should explicitly state the types of items that should remain confidential, the NDA’s expiry date, things that are excluded from the NDA and the consequences of disclosing sensitive information. - Pawel Rzeszucinski, Codewise
5. Optimize physical security measures.
There is no substitute for physical security, and part of physical security means not inviting a vampire into your organization. Ask anyone who has been victimized and I’ll bet you that if they are honest, they will say hiring the problem employee could have been avoided by better screening and limiting physical access to information. - Wayne Lonstein, VFT Solutions, Inc.
6. Prioritize steps that promote loyalty.
Ideas are free—it’s what you do with them that matters. Build an ecosystem that locks in value. Develop loyal employees. Prioritize happy customers. Invest in best practices that minimize risk and maximize efficiency. - Sarah McKenna, Sequentum Inc.
7. Keep close control of privileges.
To protect business-critical data, you should stay on top of privilege abuse. First, revoke privileges upon user termination to make sure departing employees are no longer in the game. Second, use threat-monitoring solutions to spot users exhibiting suspicious behaviors—for example, bulk file deletions or unusual access events—and to detect privileged users meddling with systems they are not responsible for. - Ilia Sotnikov, Netwrix
8. Use homomorphic encryption.
We use homomorphic encryption methods to secure our data from hacking. This method requires the keys and the keystores to be together. In our solution, you can never take the data out of our offices as it is considered useless at that point. I highly recommend it. - Christopher Carter, Approyo
9. Adopt a Zero Trust model.
Implementing a Zero Trust model over the data layer is the most important first step. With every suitable project assignment, the intellectual property rights lawyer can brief the project team on the sensitive information they will be handling as part of their work. Employees being proactively told what constitutes IP while doing their everyday project assignments is something we do not otherwise see. - Amandeep Midha, BEC
10. Implement DLP techniques.
While organizations can hide behind nondisclosure agreements and noncompete clauses, it’s still no substitute for proper security measures. Data loss prevention techniques should be implemented to ensure critical and sensitive information does not exfiltrate the company. Additionally, the importance of sound security practices and logging of access to critical data cannot be understated. - Tom Garrubba, SFG/Shared Assessments
11. Integrate FIM/FAM technologies.
File integrity monitoring and file access monitoring is great tech that can help companies know what files have been accessed, changed or deleted, as well as what changes have been made, by whom and when. Comprehensive logging of system events is critical for understanding any access to systems, changes in access levels or what files have been sent to external systems or locations. - Brad Thomas, Prophecy International
12. Leverage SSH and key generation.
Secure Shell Protocol and key generation have proven to be tremendously helpful in managing data storage and protection. Creating a virtual machine allows for the generation of a standard key of at least 512 symbols, and this can be provided to all users requiring access. This technology is safer compared to standard password and encryption methods, as the real access details remain within the creator’s device. - Alex Dzyuba, Lucid Reality Labs