Intellectual property (IP) theft of corporate intellectual property can have significant ramifications for businesses and other entities. Corporate IP includes a variety of assets, such as patented technologies, trade secrets, copyrighted information and marketing materials, marketing and pricing plans, customer and partner data, and business reputation. IP assets play a valuable role in a business’s capability to expand or restructure. In particular, intellectual property can be used as collateral as part of IP-backed loans, IP collateral enhancement, IP royal securitization, IP sale and license-back transactions, and others. As such, loss of intellectual property assets can diminish the opportunities and value of a business entity. These losses are further exacerbated by the unavailability of adequate remedies and/or the fact that some assets, like trade secrets, are unrecoverable.
As a result, it is important for business entities to take actions to prevent theft of their intellectual property. Although no strategy can provide a 100% guarantee against theft, risk can be significantly minimized.
A first step in preventing intellectual property theft is identifying the “bad actors,” or those who result in loss of intellectual property, whether intentionally or unintentionally. Typically, the bad actors involved in corporate intellectual property theft are current employees, leaving employees, and external hackers. Often existing employees who cause a data breach do so unintentionally. For example, employees may inadvertently contribute to theft via email phishing scams, ransomware, and other accidental leaks of information. To prevent such losses, it is important to train employees on identifying emails from external sources, and keep employees apprised of the latest malware and scams perpetuated by bad actors.
In some cases, information is lost via leaving employees who intentionally take information with them, i.e. insider theft. Very few insiders steal intellectual property to sell it (although this does happen), rather, most take it with them for use at a new job or to start a competing business. Information is generally stolen via email, removable media, remote network access, file transfer, downloads to laptops, and printed materials. Critically, most of these thefts occur within the first month after an employee has left.
Businesses can prevent or minimize such theft, and the impact thereof through a number of policies. First, businesses should establish procedures to ensure cloud storage security and proper authentication for accessing intellectual property assets. Employees should also sign intellectual property agreements, relinquishing any rights in corporate intellectual property. Additionally, companies can use monitoring software to track actions (such as file transfers, downloads, and email transfers) taken on intellectual property assets.
Businesses should also develop proper off-boarding of employees. This process typically includes steps such as removing a former employee’s access to sensitive assets or information, tracking any actions taken by the former employee on assets, requesting the employee return any intellectual property taken or in the possession of the employee, and where theft is suspected, using digital forensic investigation to discover the nature and scope of the theft.
Where the bad actors involve foreign states or unidentified hackers, companies have poor remedies for intellectual property theft. However, in the far more common case of loss of information by existing or former employees, businesses can take concrete steps to prevent theft. These simple steps can prevent the loss of key assets and safeguard a business’s future.