Appendix Slides
Applicable Statutes and Regulations: Sarbanes-Oxley (SOX) Visibility and disclosure regulations for public compani...
Technology Terms: Data Loss Prevention (DLP) - Data Loss Prevention (DLP) is a computer security term referring to...
Protecting Intellectual Property & Data Loss Prevention

Presentation to the Boston Business Alliance

Published in: Business
  • Target audience = small business owners; leaders of organizations; additionally could mention advisors to SMBs such as CPAs, bankers, attorneys, etc. or specific titles, like CFOs, Government leaders, etc.
  • Broadly speaking, all the intangible stuff that makes your company unique: image, reputation, unique skills and technology, original artwork and graphics, business plans and strategies, internal cost structures and organization, client and vendor lists and relationships, etc. Some of it can be protected by Notice and/or REGISTRATIONS, e.g. patents, trademarks, copyright. Some of it can be protected only by SECRECY and/or CONTRACTS. Some of it is protected by Law.
  • Source Identifiers – Trademarks. Public Policy, Avoid Confusion. Original expressions, e.g. drawings, text, graphics, software, music, art, datasheets, websites, logos – Copyright. Inventions, both industrial designs of articles of manufacture, and inventive devices and methods – Design & Utility Patents. Constitution-based protection, Article 1 clause 8, section 8. Confidential Information, e.g. business plans, strategies, production methods, recipes, special tools and procedures, sources of materials, internal conditions, client lists, methods and technology, etc., the disclosure of which would be disadvantageous to the company – Trade Secrets.
  • IP Portfolio > Valuable Asset; Risk Management Tool; Credibility with Stakeholders; Defined Tech/Trademark Space; IP Savvy > Extension of Business savvy; Revenue Generator; Motivate Employees
  • A word, phrase, symbol or design, sound, smell, or combination of these which identifies and distinguishes the source of the goods or services of one party from those of others. E.G. NBC chimes, Pink Fiberglass, Nike swoosh, golden arches, Harley sound, Microsoft graphics, arbitrary word marks like Apple for computers, Target for department stores. Protect by Notice and/or Registration: Common law trademark rights - use the ™ symbol after the mark, federal registration – use the ® symbol.
  • Defensible means arbitrary and distinctive. Search for others using the same or similar mark for related goods and services State and Fed registration available. Use mark with circle R in conjunction with goods and services in only the registered class. Watch for infringers! Don’t wait too long.
  • Copyright protection is automatic! (Protects expression, not idea.) NOTICE prevents claim of innocent infringement; © or Copyright, year of publication, and owner's name, e.g. Copyright 2008, XYZ Inc. #1 Copyrightable subject matter. #2 Fixed in a tangible form. #3 Original* Work of Authorship (*needs only a modicum of originality). Life of author plus 70 years. For an anonymous work, a pseudonymous work, or a work made for hire, 95 years from first pub date, or 120 years from date created, whichever expires first. http://www.copyright.gov
  • Rights arise automatically, with or without formal notice! Don’t assume other material you want to use is in the public domain. Always make a documented effort to ascertain the owner of copyright. Give attribution to source
  • “ Any thing under the sun made by man”, Apparatus (machine or device), Process (method), Article of manufacture, Improvements, Compositions of matter Utility - Functional features, Design – Aesthetic features What Should? Commercially valuable systems, devices, and methods. Devices and processes unprotectable by trade secrets. Inventions that have a 4+ year lifespan. Inventions that have sufficient claim scope to avoid design arounds. Inventions that support the Business Plan. Detectable infringement.
  • Design patents: Articles of Manufacture, appearance easily knocked off. Ornamental characteristics, but contrast Trademarks/Tradedress. Drawings, relatively inexpensive. Disclaim functional features and common features. Generally little prosecution, low issue fee, no maintenance fees. Foreign filings available (normally 6 month priority limit). Narrow scope of protection. Utility patents: Protects Functionality - process/method, device, business system, product-by-process. Fairly expensive to draft and file. Requires inventor time and involvement. Formal drawings may be required. Subject to rigorous examination – expensive. Takes about 2-5 years, government issue fee, and maintenance fees.
  • Priority Dates, explain Provisional Patent Applications. Describe….. Patent Cooperation Treaty applications preserve right to file in over 130 countries, including U.S. Delay major prosecution costs up to 30 months from priority date. Gets published. Gets a search/exam but not a Patent.
  • No applications, no filing fees. Mostly State law. It is a tort, and typically a violation of state statutes, and preferably a Breach of Contract, to misappropriate employer confidential information. Technology Trade Secrets should be documented with an Invention Disclosure .
  • COMPANY POLICY – as reflected in policy handbook, employment agreements, and periodic (such as annual) employee briefings for documenting, marking, safeguarding, tracking, and reporting problems. NON DISCLOSURE CONTRACTS – with vendors and customers. PHYSICAL SECURITY – at all levels, from marking documents and files, marking and locking file cabinets, rooms, buildings, to limiting access on a need-to-know basis. ELECTRONIC SECURITY – computers, networks, firewalls, passwords, etc. VET OUTGOING MATERIALS – policy and procedure for assessing and approving outgoing sensitive materials and information from all departments.
  • Have an IP strategy component to the business plan. Demonstrate a top-down commitment to cultivating and protecting IP. Conduct employee training regularly. Document, document, document. Have a rational internal process for handling and safeguarding IP and for managing IP threats and opportunities. Search for and Evaluate competitor’s IP with same intensity.
  • At the end, Moderator states that the meeting is officially over. If there are more questions, state that anyone who has to leave, feel free, and we will continue on.
  • Protecting Intellectual Property & Data Loss Prevention

    1. Protecting Intellectual Property and Data Loss Prevention
       Are your competitive differentiators and client lists walking out the door? Protect your competitive advantage!
       Informational Breakfast Meeting*
       Sponsored by: Boston Business Alliance, www.BostonBusinessAlliance.com
       September 23, 2009 – 7:00-9:00 AM
       800 W. Cummings Park, Suite 4750, Woburn, MA 01801
       * Second in a series of Informational Breakfast Events with topics of timely and valuable information for small and medium size business owners and organization leaders
    2. Agenda
       • 7:00 Coffee and Networking
       • 7:15 Intellectual Property (IP) – What is it and how do you protect it? (Attorney Vern Maine)
       • 8:00 Information and Data Loss Prevention (Bob Carroll, Consultant)
       • 8:45 Questions and Answers – Speakers available for questions
       • 9:00 Adjourn
    3. Sponsors
       • Website Sponsor: Techevolution. Contact: Corey Tapper, Phone: 781-595-2040, www.techevolution.com
       • Facilities/Location Sponsor: Sunbelt Business Sales & Acquisitions. Contact: Mariola Andoni, Phone: 781-932-7355, www.sunbeltne.com
       • Refreshment Sponsor: Analytix Solutions. Contact: Jason Lefter, Phone: 781-503-9000, www.analytixsolutions.com
    4. Moderator and Speakers
       For more information about the event or Boston Business Alliance, go to: www.BostonBusinessAlliance.com
       • Bob Carroll: Bob Carroll has more than 20 years' experience in information technology, business consulting, data services and engineering. He has been a key contributor on projects running the gamut from the B-2 Stealth Bomber to improving student performance in New England public and private schools. His work involves selecting and implementing next generation strategies, methodologies, and technologies for clients. Most recently, Bob is focused on Data Loss Prevention, Security and Regulatory Compliance, such as Mass 201 CMR 17.00 for private sector business and public sector, such as schools and local government. See www.bobcarrollconsultant.com
       • Vern Maine: Vernon Maine, of Vern Maine & Associates, leaders in intellectual property strategies and law. Founder and managing partner of the firm. Registered to practice in New Hampshire, Massachusetts, and New York, and before the U.S. Patent and Trademark Office and the Court of Appeals for the Federal Circuit. Founded the practice in 1993, providing legal counseling, services and seminars on intellectual property and business law, including U.S. provisional, utility, and design patents, PCT patent applications, trademarks, copyrights, trade secrets, licensing, infringement, contracts, and related business matters. For more info, www.vernmaine.com
       • Ray Arpin (Moderator): Ray Arpin has 30 years of experience working with small companies and start-ups, to Fortune 10, Global 2000, state and federal organizations, in a wide variety of industries and segments. His specialty is business process improvement to increase sales and reduce costs, professional services, and regulatory compliance. Most recently, he is focused on helping companies and individuals quickly apply business best practices, and specifically to become compliant with personal identity security regulations and MA 201 CMR 17.00. For more information, www.rayarpin.com
    5. Possible Implications and Why be Concerned?
       • Intellectual Property – most business owners have invested their unique knowledge, experience, and creativity in their business – that should be treated as property and should be protected from competitors
       • Trade Secrets OUTED – What if your confidential business deal with another company to exploit your newly developed technology is scuttled before it is announced because a competitor got wind of it and made the other party a better offer for the same technology?
       • Infringing – What happens if you get a “Cease and Desist” letter from a lawyer saying you must stop using your trademark, or that your production method is infringing their patent, or that your website or marketing collateral are using their copyright protected materials?
       • Infringed – What happens if your competitor launches a new service using a trademark similar to yours? What if a competitor launches a new website and it has clearly copied images or text from your website? What if you just invented a new gizmo and filed a patent application and are investing to get it into production, and your competitor comes out with a product just like it?
       • Employee Obligations – What control do you have over an employee’s intellectual contributions and confidentiality during and after his or her employment ends?
       • Data [Information] Loss – important and confidential information may be walking out the door or even unintentionally leaked to others; even competitors – such as client lists or information
       • Compliance – HIPAA in health and benefits, FTC ‘Red Flags Rule’, GLBA and BASEL II in finance, MASS. 201 CMR 17.00, Electronic Medical records – all require protection of data/information
       • Data Loss during Downsizing – As employees exit, does the corporate data? What about loss by way of temporary or contract help?
       • Possible Fines – $5,000 per occurrence, and/or per person affected or compromised; in addition to a basis for a lawsuit, bad publicity, and other serious risks
       • Professional Malpractice Risks – if you are an attorney, CPA, doctor, or any other professional, did you know that you are at risk for a malpractice lawsuit if you fail to adequately protect client information?
    6. What is Intellectual Property?
       • Knowledge and/or Expression conceived, created or constructed by a person or entity.
       • Some protectable by NOTICE and REGISTRATION, e.g. patents, trademarks, copyright.
       • Some protectable only by SECRECY and/or CONTRACTS.
       • Some protected by LAW.
    7. Elements of Intellectual Property
       • Trademarks
       • Copyright
       • Design & Utility Patents
       • Trade Secrets
       • What’s in your IP portfolio?
    8. WHY IP? WHY NOW?
       • IP Strategies help drive the Business Plan!
    9. Trademarks – Source Identifiers
       • A word, phrase, symbol or design, sound, smell, or combination.
       • E.g., NBC chimes, Pink Fiberglass, Nike swoosh, golden arches, Harley sound, Microsoft graphics, Apple for computers, Target for department stores.
       • Notice: ™ symbol after the mark
       • Federal reg: use the ® symbol.
    10. Trademarks – 5 steps to protection
       • #1 Choose a defensible mark.
       • #2 Clear the mark.
       • #3 Apply common-law Notice and/or register.
       • #4 Use the mark correctly.
       • #5 Police the Mark
    11. Copyright
       • (Protects EXPRESSION, not idea)
       • NOTICE: © or Copyright 2008, XYZ Inc.
       • Federal Registration available.
       • Best IP Bang for the Buck!
       • File within 3 months of publication.
       • www.copyright.gov
    12. Copyright Ownership
       • 1) author/artist or its employer unless independent contractor
       • 2) joint or co-ownership
       • 3) work for hire
       • ALWAYS use Written Agreements conveying ownership of copyright in important works.
    13. What Is a PATENT?
       • Right to Exclude (SUE) others from:
         • Making
         • Using
         • Selling, Offer to sell
         • Importing
         • … the Patented Invention!
       • 20-21 year term.
       • Quid pro quo?
       No Trespassing!
    14. What Can Be Patented? What Should Be Patented?
    15. Design Patents versus Utility Patents
       • Appearance of Articles of Manufacture
       • Structure or Functionality of Methods and Machines
    16. Priority Dates and Foreign Filing Rights
       • First to file vs. First to Invent
       • U.S. Provisional Patent Applications.
       • Patent Cooperation Treaty applications preserve right to file in over 130 countries, including U.S.
       • Regional filing opportunities.
    17. PATENT INFRINGEMENT
       • Patent Holder must prove Infringer incorporates each & every element of at least 1 independent claim.
       • Infringer is unable to prove the patent invalid or otherwise unenforceable.
    18. TRADE SECRETS
       • Information, the disclosure of which would be disadvantageous for the company.
       • Protection against those that MISAPPROPRIATE confidential information. 2 Basic Requirements:
       • 1) Documented Information that has commercial value.
       • 2) Safeguarded by all reasonable means.
    19. Trade Secrets – DO’s
       • COMPANY POLICY
       • NON DISCLOSURE CONTRACTS
       • PHYSICAL SECURITY
       • ELECTRONIC SECURITY
       • VET OUTGOING MATERIALS
    20. Intellectual Property Rights – Valuable but Perishable
       • Recognize and evaluate IP early.
       • Review portfolio regularly for focus and cost control.
       • Reassess opportunities to exploit your IP regularly to maximize return on investment.
    21. Intellectual Property is KING
       • There is an inexhaustible supply of new intellectual property, accessible in some degree to everyone that wants it.
       • The law provides a limited opportunity for those that discover or create it to profit by it.
       • The skillful exploitation of IP is the single biggest factor in business success today.
    22. IP Management and Control
       • Have an IP strategy component to the business plan.
       • Demonstrate a top-down commitment to cultivating and protecting IP.
       • Have a rational internal process for handling and safeguarding IP.
       • Conduct employee training regularly.
       • Document, document, document.
       • Search for and Evaluate competitor’s IP with same intensity.
    23. Speakers
       • Vern Maine: Vernon Maine, of Vern Maine & Associates, leaders in intellectual property strategies and law. Founder and managing partner of the firm. Registered to practice in New Hampshire, Massachusetts, and New York, and before the U.S. Patent and Trademark Office and the Court of Appeals for the Federal Circuit. Founded the practice in 1993, providing legal counseling, services and seminars on intellectual property and business law, including U.S. provisional, utility, and design patents, PCT patent applications, trademarks, copyrights, trade secrets, licensing, infringement, contracts, and related business matters. For more info, www.vernmaine.com
       • Bob Carroll: Bob Carroll has more than 20 years' experience in information technology, business consulting, data services and engineering. He has been a key contributor on projects running the gamut from the B-2 Stealth Bomber to improving student performance in New England public and private schools. His work involves selecting and implementing next generation strategies, methodologies, and technologies for clients. Most recently, Bob is focused on Data Loss Prevention, Security and Regulatory Compliance, such as Mass 201 CMR 17.00 for private sector business and public sector, such as schools and local government. See www.bobcarrollconsultant.com
    24. Possible Implications and Why be Concerned?
       • Intellectual Property – most business owners have invested their unique knowledge, experience, and creativity in their business – that should be treated as property and should be protected from competitors
       • Trade Secrets OUTED – What if your confidential business deal with another company to exploit your newly developed technology is scuttled before it is announced because a competitor got wind of it and made the other party a better offer for the same technology?
       • Infringing – What happens if you get a “Cease and Desist” letter from a lawyer saying you must stop using your trademark, or that your production method is infringing their patent, or that your website or marketing collateral are using their copyright protected materials?
       • Infringed – What happens if your competitor launches a new service using a trademark similar to yours? What if a competitor launches a new website and it has clearly copied images or text from your website? What if you just invented a new gizmo and filed a patent application and are investing to get it into production, and your competitor comes out with a product just like it?
       • Employee Obligations – What control do you have over an employee’s intellectual contributions and confidentiality during and after his or her employment ends?
       • Data [Information] Loss – important and confidential information may be walking out the door or even unintentionally leaked to others; even competitors – such as client lists or information
       • Compliance – HIPAA in health and benefits, FTC ‘Red Flags Rule’, GLBA and BASEL II in finance, MASS. 201 CMR 17.00, Electronic Medical records – all require protection of data/information
       • Data Loss during Downsizing – As employees exit, does the corporate data? What about loss by way of temporary or contract help?
       • Possible Fines – $5,000 per occurrence, and/or per person affected or compromised; in addition to a basis for a lawsuit, bad publicity, and other serious risks
       • Professional Malpractice Risks – if you are an attorney, CPA, doctor, or any other professional, did you know that you are at risk for a malpractice lawsuit if you fail to adequately protect client information?
    25. What is DLP?
       • Data Loss Prevention (DLP) is a computer security term referring to systems that identify, monitor, and protect data
       (Diagram labels: World Wide Web; .qbm, .qbb; Endpoints; In Motion; At Rest)
    26. Data Loss Prevention Drivers
       Confidential Data Types
       • Customer Data: Social Sec. Num., Credit Card Data, Health Records
       • Corporate Data: Financials, Mergers and acquisitions, Employee data
       • Intellectual Prop.: Source code, Design documents, Work products
       The Risk
       • 1:400 messages contain confidential data
       • 1:50 network files are wrongly exposed
       • 4:5 companies lost data on laptops
       • 1:2 lost data on USB devices
    27. Areas of Concern
       How concerned are you about the following sources of data leaks? (Out of a maximum rating of ‘5’)
       Note: Mean average ratings based on a five-point scale where 1 is “not at all concerned” and 5 is “extremely concerned”
       Data: Informationweek Analytics Data Loss Prevention Survey of 218 business technology professionals
    28. The Concern is Well Founded
    29. …And
       • Of course there is the elephant in the room that people don’t want to talk about:
         • Data Loss Risks During Downsizing
         • As employees exit, so does the corporate data
    30. For the Non-Believers
       • What type of confidential, sensitive or proprietary information did you keep after leaving your former company?
    31. How Was Data Removed?
    32. Other Reasons for DLP?
       • Most SMBs are regulated by law(s) that mandate controls over information:
         • Sarbanes-Oxley (SOX) Act
         • HIPAA in health and benefits
         • American Recovery and Reinvestment Act (ARRA)
         • FTC ‘Red Flags Rule’
         • Gramm-Leach-Bliley Act and Basel II in finance
         • MASS. 201 CMR 17.00
         • Payment Card Industry (PCI) Data Security Standard (DSS)
    33. So, What Should I Do?
       Recommendations
       • DLP is more than just technology
       • A comprehensive initiative or Program
         • Strategy
         • People
         • Process
         • Technology
       • Outline ‘DLP Recipes’ (Recommendations)
       • Recipes for DLP
       • Check Bostonbusinessalliance.com for ‘How To’s’ links, resources, and articles
    34. Strategy
       Recommendations
       • Stakeholders and business owners need to be aware of this and understand the concepts and consequences
       • Governance – What applies to your business?
         • 201 CMR 17.00?
         • FTC Red Flag?
         • HIPAA?
       • Put policies and agreements in place
       • Start with an assessment. Where is the risk, what is the risk and how much could it cost my business?
       • Adopt an Acceptable Use policy (no, it is not ok to view pornography on company resources.)
       • Consider Free and Open Source (Truecrypt, Pretty Good Privacy, PGP)
       • Execute non-Compete, NDA, Confidentiality
    35. People
       Recommendations
       • Most likely the biggest risk to SMB
         • If you use Temporary Labor
           • Bookkeepers
           • Paralegals
           • Clerks
           • Contract attorneys
         • If you use contractors (1099)
       • Assign roles and responsibilities, e.g. “Data Stewards”
       • Conduct initial and ongoing training and record acceptance
       • Allow access on “Need to know” basis only
       • PRIOR to the employee leaving, companies should monitor the employee’s access to the network or system to make sure sensitive and confidential data is not being downloaded or sent to the employee’s personal email account.
    36. Process
       Recommendations
       • Identify your Intellectual Property and confidential data
       • Are Standard Operating Procedures (SOP) or Written Information Security Program (WISP) required by law?
       • Understand your processes
       • Are there safeguards and audits built into the process – catching what is missing
       • Ensure that policies and procedures clearly state former employees will no longer have access to sensitive and confidential information they used in their jobs. Enforce this!
       • Where possible and practical, use standard automated workflow processes and forms. These are easier to monitor and safeguard
       • Re-think the process of how you send data and email
         • Encryption
         • sftp, https://
    37. Technology
       Recommendations
       • Start small with the high value data
       • The notion of ‘Reasonable,’ ‘Usual and Customary’
       • Break up the problem:
         • Data in use (e.g., endpoint actions)
           • Lost or stolen laptops
         • Data in motion (e.g., network actions)
           • Email
           • Instant messaging
         • Data at rest (e.g., data storage)
           • Who has access
           • Secure storage
       • Ensure that basics are in place:
         • Patches are applied, AV and malware protection, Firewalls
       • Prevent access to and downloads from sensitive data
       • Encryption – data, computers, and email (passwords on files ≠ encryption)
       • Shift the responsibility to hosted or third parties – the cloud
       • Keep your kids off ‘work’ computers and NO P2P
    38. 38. Questions and Answers
    39. 39. Call to Action <ul><li>Intellectual Property </li></ul><ul><ul><li>Have an IP strategy component to the business plan </li></ul></ul><ul><ul><li>Demonstrate a top-down commitment to cultivating and protecting IP </li></ul></ul><ul><ul><li>Have a rational internal process for handling and safeguarding IP </li></ul></ul><ul><ul><li>Conduct employee training regularly </li></ul></ul><ul><ul><li>Document, document, document </li></ul></ul><ul><ul><li>Search for and evaluate competitors’ IP with the same intensity </li></ul></ul><ul><li>Data Loss Prevention </li></ul><ul><ul><li>Understand and mitigate the risks </li></ul></ul><ul><ul><li>Know where information resides, especially electronic </li></ul></ul><ul><ul><li>Get educated </li></ul></ul><ul><ul><ul><li>You have taken the first step </li></ul></ul></ul><ul><ul><li>Visit Bostonbusinessalliance.com for new details and information </li></ul></ul>
    40. 40. Closing and Adjourn <ul><li>Reminder about Boston Business Alliance </li></ul><ul><ul><li>Visit the website to suggest Hot Topics for these types of meetings </li></ul></ul><ul><ul><li>Invite other small business owners and peers who might benefit </li></ul></ul><ul><ul><li>Register for future meetings </li></ul></ul><ul><ul><li>Ask us to put your name on our email list to be notified of future meetings and events </li></ul></ul><ul><li>Evaluation form </li></ul><ul><ul><li>Please complete and leave on the table going out so that we can continuously improve </li></ul></ul>
    42. 42. Contact Information <ul><li>Boston Business Alliance </li></ul><ul><ul><li>www.BostonBusinessAlliance.com </li></ul></ul><ul><ul><li>See website for additional Contact and Member information </li></ul></ul><ul><li>Attorney Vern Maine </li></ul><ul><ul><li>Phone: (603) 886-6100 x7007 </li></ul></ul><ul><ul><li>Email: [email_address] </li></ul></ul><ul><ul><li>Website: www.vernmaine.com </li></ul></ul><ul><li>Bob Carroll </li></ul><ul><ul><li>Phone: (617) 314-9813 </li></ul></ul><ul><ul><li>Email: [email_address] </li></ul></ul><ul><ul><li>Website: www.bobcarrollconsultant.com </li></ul></ul><ul><li>See our website and handouts for other contacts, along with information on Intellectual Property, Data Loss Prevention, the Boston Business Alliance, our members and our sponsors. </li></ul><ul><ul><li>www.BostonBusinessAlliance.com </li></ul></ul>Feel free to pick up any of the handouts on the table.
    43. 43. Appendix Slides
    44. 44. Applicable Statutes and Regulations <ul><li>Sarbanes-Oxley (SOX) – Visibility and disclosure regulations for public companies </li></ul><ul><li>Gramm-Leach-Bliley Act of 1999 (sometimes called the financial modernization act) </li></ul><ul><li>HIPAA – Health Insurance Portability and Accountability Act of 1996 – places requirements on the health care industry </li></ul><ul><li>FTC ‘Red Flags Rule’ – for law firms, professional services, and financial institutions </li></ul><ul><li>MASS. 201 CMR 17.00 for Personal Identity Information </li></ul><ul><li>PCI-DSS – Payment Card Industry Data Security Standards – For processing credit cards </li></ul><ul><li>FERPA - Family Educational Rights and Privacy Act – If you deal with public schools </li></ul><ul><li>BASEL – Bank of International Settlements – Banking laws </li></ul>
    45. 45. Technology Terms <ul><li>Data Loss Prevention (DLP) - A computer security term referring to systems that identify, monitor, and protect data: in use at the endpoints (USB devices, laptops, PDA, iPhone), in motion (e.g., moving through the network – browsers and email), and at rest (file systems, databases, and other storage) </li></ul><ul><li>Encryption – Transforming information using an algorithm </li></ul><ul><li>Firewall – A device or software designed to block unauthorized access while permitting authorized communications </li></ul><ul><li>Free and Open Source Software – An alternative to Microsoft Windows. Linux and Apache are the most famous </li></ul><ul><li>https:// – Hypertext Transfer Protocol - Secure </li></ul><ul><li>Malware – Malicious Software - Software that infiltrates an owner’s computer without the owner’s informed consent </li></ul><ul><li>SFTP – Secure File Transfer Protocol – A means of securely transmitting data </li></ul><ul><li>FERPA - Family Educational Rights and Privacy Act – If you deal with public schools </li></ul>
