Protecting Intellectual Property and Data Loss Prevention (DLP)
Upcoming SlideShare
Loading in...5
×
 

Protecting Intellectual Property and Data Loss Prevention (DLP)

on

  • 3,405 views

Protecting Intellectual Property and Data Loss Prevention (DLP) – what makes your business unique, different, valuable, and attracts clients and customers - presented at the Boston Business Alliance ...

Protecting Intellectual Property and Data Loss Prevention (DLP) – what makes your business unique, different, valuable, and attracts clients and customers - presented at the Boston Business Alliance 9/23/09

Statistics

Views

Total Views
3,405
Views on SlideShare
3,389
Embed Views
16

Actions

Likes
1
Downloads
119
Comments
0

1 Embed 16

http://www.slideshare.net 16

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

Protecting Intellectual Property and Data Loss Prevention (DLP) Protecting Intellectual Property and Data Loss Prevention (DLP) Presentation Transcript

  • Informational Breakfast Meeting* Sponsored by: Boston Business Alliance www.BostonBusinessAlliance.com Protecting Intellectual Property and Data Loss Prevention Are your competitive differentiators and client lists walking out the door? Protect your competitive advantage! September 23, 2009 – 7:00-9:00 AM 800 W. Cummings Park, Suite 4750 Woburn, MA 01801 * Second in a series of Informational Breakfast Events with topics of timely and valuable information for small and medium size business owners and organization leaders
  • Agenda 7:00 Coffee and Networking 7:15 Intellectual Property (IP) – What is it and how do you protect it? (Attorney Vern Maine) 8:00 Information and Data Loss Prevention (Bob Carroll, Consultant) 8:45 Questions and Answers Speakers available for questions 9:00 Adjourn 9/23/09 Boston Business Alliance 2
  • Sponsors Facilities/Location Sponsor: Sunbelt Business Sales & Acquisitions Contact: Mariola Andoni Phone: 781-932-7355 www.sunbeltne.com Refreshment Sponsor: Analytix Solutions Contact: Jason Lefter Phone: 781-503-9000 www.analytixsolutions.com Website Sponsor: Techevolution Contact: Corey Tapper Phone: 781-595-2040 www.techevolution.com 9/23/09 Boston Business Alliance 3
  • Moderator and Speakers Ray Arpin - Moderator Ray Arpin has 30 years of experience working with small companies and start-ups, to Fortune 10, Global 2000, state and federal organizations, in a wide variety of industries and segments. His specialty is business process improvement to increase sales and reduces costs, professional services, and regulatory compliance. Most recently, he is focused on helping companies and individuals quickly apply business best practices, and specifically to become compliant with personal identity security regulations and MA 201 CMR 17.00. For more information, www.rayarpin.com Vern Maine Vernon Maine, of Vern Maine & Associates, leaders in intellectual property strategies and law. Founder and managing partner of the firm. Registered to practice in New Hampshire, Massachusetts, and New York, and before the U.S. Patent and Trademark Office and the Court of Appeals for the Federal Circuit. Founded the practice in 1993, providing legal counseling, services and seminars on intellectual property and business law, including U.S. provisional, utility, and design patents, PCT patent applications, trademarks, copyrights, trade secrets, licensing, infringement, contracts, and related business matters. For more info, www.vernmaine.com Bob Carroll Bob Carroll has more than 20 years experience in information technology, business consulting, data services and engineering. He has been a key contributor on projects running the gamut from the B-2 Stealth Bomber to improving student performance in New England public and private schools. His work involves selecting and implementing next generation strategies, methodologies, and technologies for clients. Most recently, Bob is focused on Data Loss Prevention, Security and Regulatory Compliance, such as Mass 201 CMR 17.00 for private sector business and public sector, such as schools and local government. See www.bobcarrollconsultant.com For more information about the event or Boston Business Alliance, go to: www.BostonBusinessAlliance.com 9/23/09 Boston Business Alliance 4
  • Possible Implications and Why be Concerned? Intellectual Property – most business owners have invested their unique knowledge, experience, experience, and creativity in their business – that should be treated as property and should be protected from competitors Trade Secrets OUTED – What if your confidential business deal with another company to exploit your newly developed technology is scuttled before it is announced because a competitor got wind announced of it and made the other party a better offer for the same technology? technology? Infringing – What happens if you get a “Cease and Desist” letter from a lawyer saying you must lawyer stop using your trademark, or that your production method is infringing their patent, or that your inf ringing website or marketing collateral are using their copyright protected materials? protected Infringed – What happens if your competitor launches a new service using a trademark similar to yours? What if a competitor launches a new website and it has clearly copied images or text from clearly your website? What if you just invented a new gizmo and filed a patent application and are investing to get it into production, and your competitor comes out with a product just like it? out Employee Obligations – What control do you have over an employee’s intellectual contributions contributions and confidentiality during and after his or her employment ends? Data [Information] Loss – important and confidential information may be walking out the door door or even unintentionally leaked to others; even competitors – such as client lists or information Compliance – HIPAA in health and benefits, FTC ‘Red Flags Rule’, GLBA and BASEL II in finance, BASEL MASS. 201 CMT 17.00, Electronic Medical records – all require protection of data/information Data Loss during Downsizing – As employees exit, does the corporate data? What about loss by way of temporary or contract help? Possible Fines – $5,000 per occurrence, and/or per person effected or compromised; in addition compromised; to a basis for a law suit, bad publicity, and other serious risks risks Professional Malpractice Risks – if you are an attorney, CPA, doctor, or any other professional, did you know that you are at risk for a malpractice lawsuit if you fail to adequately protect client you information? 9/23/09 Boston Business Alliance 5
  • What is Intellectual Property? Knowledge and/or Expression conceived, created or constructed by a person or entity. Some protectable by NOTICE and REGISTRATION, e.g. patents, trademarks, copyright. Some protectable only by SECRECY and/or CONTRACTS. Some protected by LAW. 9/23/09 Boston Business Alliance 6
  • Elements of Intellectual Property Trademarks Copyright Design & Utility Patents Trade Secrets What’s in your IP portfolio? 9/23/09 Boston Business Alliance 7
  • WHY IP? WHY NOW? IP Strategies help drive the Business Plan! 9/23/09 Boston Business Alliance 8
  • Trademarks – Source Identifiers A word, phrase, symbol or design, sound, smell, or combination. E.G., NBC chimes, Pink Fiberglass, Nike swoosh, golden arches, Harley sound, Microsoft graphics, Apple for computers, Target for department stores. Notice: ™ symbol after the mark Federal reg: – use the ® symbol. 9/23/09 Boston Business Alliance 9
  • Trademarks – 5 steps to protection #1 Choose a defensible mark. #2 Clear the mark. #3 Apply common-law Notice and/or register. #4 Use the mark correctly. #5 Police the Mark 9/23/09 Boston Business Alliance 10
  • Copyright Protects EXPRESSION, not idea) NOTICE: © or Copyright 2008, XYZ Inc. Federal Registration available. Best IP Bang for the Buck! File within 3 months of publication. www.copyright.gov 9/23/09 Boston Business Alliance 11
  • Copyright Ownership 1) author/artist or its employer unless independent contractor 2) joint or co-ownership 3) work for hire ALWAYS use Written Agreements conveying ownership of copyright in important works. 9/23/09 Boston Business Alliance 12
  • What Is a PATENT? Right to Exclude (SUE) others from: – Making – Using – Selling, Offer to sell No Trespassing! – Importing …the Patented Invention! 20-21 year term. Quid pro quo? 9/23/09 Boston Business Alliance 13
  • What Can Be Patented? What Should Be Patented? 9/23/09 Boston Business Alliance 14
  • Design Patents versus Utility Patents Appearance of Articles of Manufacture Structure or Functionality of Methods and Machines 9/23/09 Boston Business Alliance 15
  • Priority Dates and Foreign Filing Rights • First to file vs. First to Invent • U.S. Provisional Patent Applications. • Patent Cooperation Treaty applications preserve right to file in over 130 countries, including U.S. • Regional filing opportunities. 9/23/09 Boston Business Alliance 16
  • PATENT INFRINGMENT 1. Patent Holder must prove Infringer incorporates each & every element of at least 1 independent claim. 2. Infringer is unable to prove the patent invalid or otherwise unenforceable. 9/23/09 Boston Business Alliance 17
  • TRADE SECRETS Information, the disclosure of which would be disadvantageous for the company. Protection against those that MISAPPROPRIATE confidential information. 2 Basic Requirements: 1) Documented Information that has commercial value. 2) Safeguarded by all reasonable means. 9/23/09 Boston Business Alliance 18
  • Trade Secrets – DO’s COMPANY POLICY NON DISCLOSURE CONTRACTS PHYSICAL SECURITY ELECTRONIC SECURITY VET OUTGOING MATERIALS 9/23/09 Boston Business Alliance 19
  • Intellectual Property Rights – Valuable but Perishable Recognize and evaluate IP early. Review portfolio regularly for focus and cost control. Reassess opportunities to exploit your IP regularly to maximize return on investment. 9/23/09 Boston Business Alliance 20
  • Intellectual Property is KING There is an inexhaustible supply of new intellectual property, accessible in some degree to everyone that wants it. The law provides a limited opportunity for those that discover or create it to profit by it. The skillful exploitation of IP is the single biggest factor in business success today. 9/23/09 Boston Business Alliance 21
  • IP Management and Control Have an IP strategy component to the business plan. Demonstrate a top-down commitment to cultivating and protecting IP. Have a rational internal process for handling and safeguarding IP. Conduct employee training regularly. Document, document, document. Search for and Evaluate competitor’s IP with same intensity. 9/23/09 Boston Business Alliance 22
  • Speakers Vern Maine Vernon Maine, of Vern Maine & Associates, leaders in intellectual property strategies and law. Founder and managing partner of the firm. Registered to practice in New Hampshire, Massachusetts, and New York, and before the U.S. Patent and Trademark Office and the Court of Appeals for the Federal Circuit. Founded the practice in 1993, providing legal counseling, services and seminars on intellectual property and business law, including U.S. provisional, utility, and design patents, PCT patent applications, trademarks, copyrights, trade secrets, licensing, infringement, contracts, and related business matters. For more info, www.vernmaine.com Bob Carroll Bob Carroll has more than 20 years experience in information technology, business consulting, data services and engineering. He has been a key contributor on projects running the gamut from the B-2 Stealth Bomber to improving student performance in New England public and private schools. His work involves selecting and implementing next generation strategies, methodologies, and technologies for clients. Most recently, Bob is focused on Data Loss Prevention, Security and Regulatory Compliance, such as Mass 201 CMR 17.00 for private sector business and public sector, such as schools and local government. See www.bobcarrollconsultant.com 9/23/09 Boston Business Alliance 23
  • Possible Implications and Why be Concerned? Intellectual Property – most business owners have invested their unique knowledge, experience, experience, and creativity in their business – that should be treated as property and should be protected from competitors Trade Secrets OUTED – What if your confidential business deal with another company to exploit your newly developed technology is scuttled before it is announced because a competitor got wind announced of it and made the other party a better offer for the same technology? technology? Infringing – What happens if you get a “Cease and Desist” letter from a lawyer saying you must lawyer stop using your trademark, or that your production method is infringing their patent, or that your inf ringing website or marketing collateral are using their copyright protected materials? protected Infringed – What happens if your competitor launches a new service using a trademark similar to yours? What if a competitor launches a new website and it has clearly copied images or text from clearly your website? What if you just invented a new gizmo and filed a patent application and are investing to get it into production, and your competitor comes out with a product just like it? out Employee Obligations – What control do you have over an employee’s intellectual contributions contributions and confidentiality during and after his or her employment ends? Data [Information] Loss – important and confidential information may be walking out the door door or even unintentionally leaked to others; even competitors – such as client lists or information Compliance – HIPAA in health and benefits, FTC ‘Red Flags Rule’, GLBA and BASEL II in finance, BASEL MASS. 201 CMT 17.00, Electronic Medical records – all require protection of data/information Data Loss during Downsizing – As employees exit, does the corporate data? What about loss by way of temporary or contract help? Possible Fines – $5,000 per occurrence, and/or per person effected or compromised; in addition compromised; to a basis for a law suit, bad publicity, and other serious risks risks Professional Malpractice Risks – if you are an attorney, CPA, doctor, or any other professional, did you know that you are at risk for a malpractice lawsuit if you fail to adequately protect client you information? 9/23/09 Boston Business Alliance 24
  • What is DLP ? Data Loss Prevention (DLP) is a computer security term referring to systems that identify, monitor, and protect data World World Wide Wide Web Web 0111011000111 At Rest .qbm .qbm .qbb .qbb Endpoints In Motion 9/23/09 Boston Business Alliance 25
  • Data Loss Prevention Drivers Customer Data Corporate Data Intellectual Prop. Confidential Social Sec. Num. Financials Source code Data Credit Card Data Mergers and acquisitions Design documents Types Health Records Employee data Work products 1:400 Messages contains confidential data 1:50 Network files is wrongly exposed The Risk 4:5 Companies lost data on laptops 1:2 Lost Data on USB Devices 9/23/09 Boston Business Alliance 26
  • Areas of Concern How Concerned are you about the following sources of data leaks Out of a maximum rating of ‘5’ 4 3 2 1 0 -1 -2 -3 Accidents Insider theft Network Theft or loss Espionage penetration Note: Mean average ratings based on a five-point scale where 1 is “not at all concerned” and 5 is “extremely concerned” five- “extremely Data: Informationweek Analytics Data Loss Prevention Survey of 218 business technology professionals technology 9/23/09 Boston Business Alliance 27
  • The Concern is Well Founded 9/23/09 Boston Business Alliance 28
  • …And Of course there is the elephant in the room that people don’t want to talk about: Data Loss Risks During Downsizing As employees exit, so does the corporate data 9/23/09 Boston Business Alliance 29
  • For the Non-Believers What type of confidential, sensitive or proprietary information did you keep after leaving your former company? 9/23/09 Boston Business Alliance 30
  • How Was Data Removed? 9/23/09 Boston Business Alliance 31
  • Other Reasons for DLP ? Most SMB’s fall are regulated by law(s) that mandate controls over information; – Sarbanes-Oxley (SOX) Act – HIPAA in health and benefits – American Recovery and Reinvestment Act (ARRA) – FTC ‘Red Flags Rule’ – Gramm-Leach-Bliley Act and Basel II in finance – MASS. 201 CMR 17.00 – Payment Card Industry (PCI) Data Security Standard (DSS) 9/23/09 Boston Business Alliance 32
  • So, What Should I Do? DLP is more than just technology A comprehensive initiative or Program – Strategy – People – Process – Technology Outline ‘DLP Recipes’ (Recommendations) Recommendations Recipes for DLP Recipes for DLP Check Bostonbusinessalliance.com for ‘How To’s’ links, resources, Check Bostonbusinessalliance.com for ‘How To’s’ links, resources, and articles and articles 9/23/09 Boston Business Alliance 33
  • Strategy Stakeholders and business owners need to be aware of this and understand the concepts and consequences Governance – What applies to your business? – 201 CMR 17.00 ? – FTC Red Flag ? – HIPAA ? Put policies and agreements in place Recommendations Start with an assessment. Where is the risk, what is the risk and how Start with an assessment. Where is the risk, what is the risk and how much could ititcost my business ?? much could cost my business Adopt an acceptable Use policy ––(no ititis not ok to view pornography Adopt an acceptable Use policy (no is not ok to view pornography on company resources.) on company resources.) Consider Free and Open Source (Truecrypt, Pretty Good Privacy, PGP) Consider Free and Open Source (Truecrypt, Pretty Good Privacy, PGP) Execute non-Compete, NDA, Confidentiality Execute non-Compete, NDA, Confidentiality 9/23/09 Boston Business Alliance 34
  • People Most likely the biggest risk to SMB – If you use Temporary Labor Bookkeepers Paralegals Clerks Contract attorneys – If you use contractors (1099) Recommendations Assign roles and responsibilities e.g. “Data Stewards” Assign roles and responsibilities e.g. “Data Stewards” Conduct initial and ongoing training and record acceptance Conduct initial and ongoing training and record acceptance Allow access on “Need to know” basis only Allow access on “Need to know” basis only PRIOR to the employee leaving, companies should monitor the PRIOR to the employee leaving, companies should monitor the employee’s access to the network or system to make sure sensitive employee’s access to the network or system to make sure sensitive and confidential data is not being downloaded or send to the and confidential data is not being downloaded or send to the employee’s personal email account. employee’s personal email account. 9/23/09 Boston Business Alliance 35
  • Process Identify your Intellectual Property and confidential data Are Standard Operating Procedures (SOP) or Written Information Security Program (WISP) required by law? Understand your processes Are there safeguards and audits built into the process – catching what is missing Recommendations Ensure that policies and procedures clearly state former employees will no Ensure that policies and procedures clearly state former employees will no longer have access to sensitive and confidential information they used in their longer have access to sensitive and confidential information they used in their jobs. Enforce this! jobs. Enforce this! Where possible and practical, use standard automated workflow processes and Where possible and practical, use standard automated workflow processes and forms. These are easier to monitor and safeguard forms. These are easier to monitor and safeguard Re-think the process of how you send data and email Re-think the process of how you send data and email -Encryption -Encryption -sftp, https:// -sftp, https:// 9/23/09 Boston Business Alliance 36
  • Technology Start small with the high value data The notion of ‘Reasonable,’ ‘Usual and Customary’ Break up the problem: – Data in use (e.g., endpoint actions), – Lost or stolen laptops – Data in motion (e.g., network actions), – Email – Instant messaging – Data at rest (e.g., data storage) – Who has access – Secure storage Recommendations Ensure that basics are in place: Ensure that basics are in place: -Patches are applied, AV and malware protection, Firewalls -Patches are applied, AV and malware protection, Firewalls Prevent access to and downloads from sensitive data Prevent access to and downloads from sensitive data Encryption –data, computers, and email (passwords on files ≠ encryption) Encryption –data, computers, and email (passwords on files ≠ encryption) Shift the responsibility to hosted or third parties ––the cloud Shift the responsibility to hosted or third parties the cloud Keep your kids off ‘work’ computers and NO P2P Keep your kids off ‘work’ computers and NO P2P 9/23/09 Boston Business Alliance 37
  • Questions and Answers 9/23/09 Boston Business Alliance 38
  • Call to Action Intellectual Property – Have an IP strategy component to the business plan – Demonstrate a top-down commitment to cultivating and protecting IP – Have a rational internal process for handling and safeguarding IP – Conduct employee training regularly – Document, document, document – Search for and Evaluate competitor’s IP with same intensity Data Loss Prevention – Understand and mitigate the risks – Know where information resides, especially electronic – Get educated You have taken the first step – Visit Bostonbusinessalliance.com for new details and information 9/23/09 Boston Business Alliance 39
  • Closing and Adjourn Reminder about Boston Business Alliance – Visit website for suggesting Hot Topics for these type of meetings – Invite other small business owners and peers who might benefit – Register for future meetings – Ask us to put your name on our email list to be notified of future meetings and events Evaluation form – Please complete and leave on the table going out so that we can continuously improve 9/23/09 Boston Business Alliance 40
  • Sponsors Facilities/Location Sponsor: Sunbelt Business Sales & Acquisitions Contact: Mariola Andoni Phone: 781-932-7355 www.sunbeltne.com Refreshment Sponsor: Analytix Solutions Contact: Jason Lefter Phone: 781-503-9000 www.analytixsolutions.com Website Sponsor: Techevolution Contact: Corey Tapper Phone: 781-595-2040 www.techevolution.com 9/23/09 Boston Business Alliance 41
  • Contact Information Boston Business Alliance – www.BostonBusinessAlliance.com – See website for additional Contact and Member information Attorney Vern Maine – Phone: (603) 886-6100 x7007 – Email: vmaine@vernmaine.com – Website: www.vernmaine.com Bob Carroll – Phone: (617) 314-9813 – Email: bob@bob-carroll.com – Website: www.bobcarrollconsultant.com See our website and handouts for other contacts, along with information on Intellectual Property, Data Loss Prevention, the Boston Business Alliance, our members and our sponsors. – www.BostonBusinessAlliance.com Feel free to pick up any of the handouts on the table. 9/23/09 Boston Business Alliance 42
  • Appendix Slides 9/23/09 Boston Business Alliance 43
  • Applicable Statutes and Regulations Sarbanes-Oxley (SOX) Visibility and disclosure regulations for public companies Gramm-Leach-Bliley Act of 1999 (sometimes called the financial modernization act HIPAA – Health Insurance Portability and Accountability Act of 1996 places requirements on the health care industry FTC ‘Red Flags Rule’ – for law firms, professional services, and financial institutions MASS. 201 CMR 17.00 for Personal Identity Information PCI-DSS Payment Card Industry Data Security Standards – For processing credit cards FERPA- Family Educational Rights and Privacy Act – If you deal with public schools BASEL – Bank of International Settlements – Banking laws 9/23/09 Boston Business Alliance 44
  • Technology Terms Data Loss Prevention (DLP) - Data Loss Prevention (DLP) is a computer security term referring to systems that identify, monitor, and protect data: at the endpoints - in use (USB devices, laptops, PDA, iPhone), in motion (e.g., moving through the network – browsers and email), and data at rest (file systems, databases, and other storage Encryption – Transforming information using and algorithm Firewall – A device or software designed to block unauthorized access while permitting authorized comm. Free and Open Source Software – An alternative to Microsoft Windows. Linux and Apache are the most famous https:// – Hypertext Transfer Protocol - Secure Malware – Malicious Software - Software that infiltrates an owners computer without the owner’s informed consent SFTP Secure File Transfer Protocol – A means of securely transmitting data FERPA- Family Educational Rights and Privacy Act – If you deal with public schools 9/23/09 Boston Business Alliance 45