Protecting your intellectual property is essential to the very survival of your organization: according to a study by Deloitte, IP may constitute up to 80 percent of a company’s value. Guarding your IP is especially important for startups, which can lose almost their entire value if their IP falls into the wrong hands. The Coca-Cola recipe, which has been a fiercely guarded trade secret for more than a century to deter imitators and duplicators, is just one example of how important it is to keep your company’s IP under wraps.
But in a world of data breaches and corporate espionage, how can you ensure that your IP remains safely under lock and key? In this article, we’ll discuss 5 best practices for protecting your company’s most important asset: its intellectual property.
1. Take stock of your inventory
Before taking steps to protect your intellectual property, it helps if you know exactly what it is you’re defending. Your company’s IP may consist of:
Copyrighted works (e.g. literature, artworks, films, and music)
2. Define user roles and access
Once you’ve created an inventory of your company’s IP assets, you then need to define which people inside (and potentially outside) the organization should have access to each one. Coca-Cola, for its part, keeps its secret recipe inside a 10-foot-tall vault in Atlanta; according to marketing manager Jacquie Wansley, “not a lot of people know” the exact makeup of the beverage, although the exact number is unclear.
As an organization rich in IP assets, you need to have a better idea of how many people have access to your IP than "not a lot of people." Your goal should be to share the smallest amount of information, with the fewest number of people, in order to successfully operate—and no more. Note that external third parties may require access to certain IP assets on a case-by-case basis (see the section on virtual data rooms below).
3. Institute a clear IP policy
One of the biggest causes of IP theft and infringement is employee negligence—a single mistake or successful phishing attack can result in irrevocable losses for your company.
To lessen this risk, you must have a clearly defined IP policy that all new hires and recent departures must review and sign upon joining and leaving the organization. This policy should be reviewed at regular intervals, and should account for employee feedback. Non-disclosure agreements are also a must for employees who will be interacting with company IP on a regular basis.
4. Use a Virtual Data Room (VDR)
When interacting with third parties external to your organization (e.g. during M&A transactions, fundraising rounds, and audits), it’s often necessary to share intellectual property information that could be disastrous if it fell into the wrong hands. That’s where virtual data rooms (VDRs) come in: secure online repositories for the storage and sharing of confidential and sensitive files.
VDRs come packed with security features that help protect your company’s most valuable intellectual property, including strict user access controls, watermarking, and activity audit trails. These features help make VDRs even more secure than sharing documents in person.
5. Implement training and education programs
Training and education programs can also help employees understand the risks of IP theft and the steps they need to take to protect themselves and the business. IP protection must be an integral part of all employee orientation sessions, as well as any IT security training programs.
Most importantly, teach employees to recognize signs of common attacks: e.g. phishing scams designed to exfiltrate login details or social engineering attacks that manipulate people into divulging information. Instead of blindly trusting that employees have absorbed these lessons, many organizations also use simulated phishing tests to see whether employees would actually "take the bait" of such an attack.