Protecting Intellectual Property and Data Loss Prevention (DLP)


Upload: ray-arpin

Post on 18-Nov-2014


DESCRIPTION

Protecting Intellectual Property and Data Loss Prevention (DLP) – what makes your business unique, different, valuable, and attracts clients and customers - presented at the Boston Business Alliance 9/23/09

TRANSCRIPT

Page 1: Protecting Intellectual Property and Data Loss Prevention (DLP)

Protecting Intellectual Property and Data Loss Prevention

Are your competitive differentiators and client lists walking out the door?

Protect your competitive advantage!

* Second in a series of Informational Breakfast Events with topics of timely and valuable information for small and medium size business owners and organization leaders

Informational Breakfast Meeting*

Sponsored by: Boston Business Alliance

www.BostonBusinessAlliance.com

September 23, 2009 – 7:00-9:00 AM

800 W. Cummings Park, Suite 4750

Woburn, MA 01801

Page 2: Protecting Intellectual Property and Data Loss Prevention (DLP)

9/23/09 Boston Business Alliance

Agenda

7:00 Coffee and Networking

7:15 Intellectual Property (IP) – What is it and how do you protect it? (Attorney Vern Maine)

8:00 Information and Data Loss Prevention (Bob Carroll, Consultant)

8:45 Questions and Answers

Speakers available for questions

9:00 Adjourn

Page 3: Protecting Intellectual Property and Data Loss Prevention (DLP)

Sponsors

Website Sponsor:

Techevolution
Contact: Corey Tapper
Phone: 781-595-2040
www.techevolution.com

Facilities/Location Sponsor:

Sunbelt Business Sales & Acquisitions
Contact: Mariola Andoni
Phone: 781-932-7355
www.sunbeltne.com

Refreshment Sponsor:

Analytix Solutions
Contact: Jason Lefter
Phone: 781-503-9000
www.analytixsolutions.com

Page 4: Protecting Intellectual Property and Data Loss Prevention (DLP)

Moderator and Speakers

For more information about the event or Boston Business Alliance, go to: www.BostonBusinessAlliance.com

Bob Carroll

Bob Carroll has more than 20 years' experience in information technology, business consulting, data services and engineering. He has been a key contributor on projects running the gamut from the B-2 Stealth Bomber to improving student performance in New England public and private schools. His work involves selecting and implementing next generation strategies, methodologies, and technologies for clients. Most recently, Bob is focused on Data Loss Prevention, Security and Regulatory Compliance, such as Mass 201 CMR 17.00 for private sector business and public sector, such as schools and local government. See www.bobcarrollconsultant.com

Vern Maine

Vernon Maine, of Vern Maine & Associates, leaders in intellectual property strategies and law. Founder and managing partner of the firm. Registered to practice in New Hampshire, Massachusetts, and New York, and before the U.S. Patent and Trademark Office and the Court of Appeals for the Federal Circuit. Founded the practice in 1993, providing legal counseling, services and seminars on intellectual property and business law, including U.S. provisional, utility, and design patents, PCT patent applications, trademarks, copyrights, trade secrets, licensing, infringement, contracts, and related business matters. For more info, www.vernmaine.com

Ray Arpin - Moderator

Ray Arpin has 30 years of experience working with small companies and start-ups, to Fortune 10, Global 2000, state and federal organizations, in a wide variety of industries and segments. His specialty is business process improvement to increase sales and reduce costs, professional services, and regulatory compliance. Most recently, he is focused on helping companies and individuals quickly apply business best practices, and specifically to become compliant with personal identity security regulations and MA 201 CMR 17.00. For more information, www.rayarpin.com

Page 5: Protecting Intellectual Property and Data Loss Prevention (DLP)

Possible Implications and Why be Concerned?

• Intellectual Property – most business owners have invested their unique knowledge, experience, and creativity in their business – that should be treated as property and should be protected from competitors

• Trade Secrets OUTED – What if your confidential business deal with another company to exploit your newly developed technology is scuttled before it is announced because a competitor got wind of it and made the other party a better offer for the same technology?

• Infringing – What happens if you get a “Cease and Desist” letter from a lawyer saying you must stop using your trademark, or that your production method is infringing their patent, or that your website or marketing collateral are using their copyright protected materials?

• Infringed – What happens if your competitor launches a new service using a trademark similar to yours? What if a competitor launches a new website and it has clearly copied images or text from your website? What if you just invented a new gizmo and filed a patent application and are investing to get it into production, and your competitor comes out with a product just like it?

• Employee Obligations – What control do you have over an employee’s intellectual contributions and confidentiality during and after his or her employment ends?

• Data [Information] Loss – important and confidential information may be walking out the door or even unintentionally leaked to others; even competitors – such as client lists or information

• Compliance – HIPAA in health and benefits, FTC ‘Red Flags Rule’, GLBA and BASEL II in finance, MASS. 201 CMR 17.00, Electronic Medical records – all require protection of data/information

• Data Loss during Downsizing – As employees exit, does the corporate data? What about loss by way of temporary or contract help?

• Possible Fines – $5,000 per occurrence, and/or per person affected or compromised; in addition to a basis for a lawsuit, bad publicity, and other serious risks

• Professional Malpractice Risks – if you are an attorney, CPA, doctor, or any other professional, did you know that you are at risk for a malpractice lawsuit if you fail to adequately protect client information?

Page 6: Protecting Intellectual Property and Data Loss Prevention (DLP)

What is Intellectual Property?

• Knowledge and/or Expression conceived, created or constructed by a person or entity.

• Some protectable by NOTICE and REGISTRATION, e.g. patents, trademarks, copyright.

• Some protectable only by SECRECY and/or CONTRACTS.

• Some protected by LAW.

Page 7: Protecting Intellectual Property and Data Loss Prevention (DLP)

Elements of Intellectual Property

• Trademarks

• Copyright

• Design & Utility Patents

• Trade Secrets

What’s in your IP portfolio?

Page 8: Protecting Intellectual Property and Data Loss Prevention (DLP)

WHY IP? WHY NOW?

IP Strategies help drive the Business Plan!

Page 9: Protecting Intellectual Property and Data Loss Prevention (DLP)

Trademarks – Source Identifiers

A word, phrase, symbol or design, sound, smell, or combination.

E.g., NBC chimes, Pink Fiberglass, Nike swoosh, golden arches, Harley sound, Microsoft graphics, Apple for computers, Target for department stores.

• Notice: ™ symbol after the mark

• Federal reg: – use the ® symbol.

Page 10: Protecting Intellectual Property and Data Loss Prevention (DLP)

Trademarks – 5 steps to protection

#1 Choose a defensible mark.

#2 Clear the mark.

#3 Apply common-law Notice and/or register.

#4 Use the mark correctly.

#5 Police the Mark

Page 11: Protecting Intellectual Property and Data Loss Prevention (DLP)

Copyright

• Protects EXPRESSION (not idea)

• NOTICE: © or Copyright 2008, XYZ Inc.

• Federal Registration available.

• Best IP Bang for the Buck!

• File within 3 months of publication.

• www.copyright.gov

Page 12: Protecting Intellectual Property and Data Loss Prevention (DLP)

Copyright Ownership

1) author/artist or its employer unless independent contractor

2) joint or co-ownership

3) work for hire

ALWAYS use Written Agreements conveying ownership of copyright in important works.

Page 13: Protecting Intellectual Property and Data Loss Prevention (DLP)

What Is a PATENT?

• Right to Exclude (SUE) others from:

– Making

– Using

– Selling, Offer to sell

– Importing

…the Patented Invention!

• 20-21 year term.

• Quid pro quo?

No Trespassing!

Page 14: Protecting Intellectual Property and Data Loss Prevention (DLP)

What Can Be Patented?

What Should Be Patented?

Page 15: Protecting Intellectual Property and Data Loss Prevention (DLP)

Design Patents versus Utility Patents

• Appearance of Articles of Manufacture

• Structure or Functionality of Methods and Machines

Page 16: Protecting Intellectual Property and Data Loss Prevention (DLP)

Priority Dates and Foreign Filing Rights

• First to file vs. First to Invent

• U.S. Provisional Patent Applications.

• Patent Cooperation Treaty applications preserve right to file in over 130 countries, including U.S.

• Regional filing opportunities.

Page 17: Protecting Intellectual Property and Data Loss Prevention (DLP)

PATENT INFRINGEMENT

1. Patent Holder must prove Infringer incorporates each & every element of at least 1 independent claim.

2. Infringer is unable to prove the patent invalid or otherwise unenforceable.

Page 18: Protecting Intellectual Property and Data Loss Prevention (DLP)

TRADE SECRETS

• Information, the disclosure of which would be disadvantageous for the company.

• Protection against those that MISAPPROPRIATE confidential information. 2 Basic Requirements:

1) Documented Information that has commercial value.

2) Safeguarded by all reasonable means.

Page 19: Protecting Intellectual Property and Data Loss Prevention (DLP)

Trade Secrets – DO’s

• COMPANY POLICY

• NON DISCLOSURE CONTRACTS

• PHYSICAL SECURITY

• ELECTRONIC SECURITY

• VET OUTGOING MATERIALS

Page 20: Protecting Intellectual Property and Data Loss Prevention (DLP)

Intellectual Property Rights – Valuable but Perishable

• Recognize and evaluate IP early.

• Review portfolio regularly for focus and cost control.

• Reassess opportunities to exploit your IP regularly to maximize return on investment.

Page 21: Protecting Intellectual Property and Data Loss Prevention (DLP)

Intellectual Property is KING

• There is an inexhaustible supply of new intellectual property, accessible in some degree to everyone that wants it.

• The law provides a limited opportunity for those that discover or create it to profit by it.

• The skillful exploitation of IP is the single biggest factor in business success today.

Page 22: Protecting Intellectual Property and Data Loss Prevention (DLP)

IP Management and Control

• Have an IP strategy component to the business plan.

• Demonstrate a top-down commitment to cultivating and protecting IP.

• Have a rational internal process for handling and safeguarding IP.

• Conduct employee training regularly.

• Document, document, document.

• Search for and Evaluate competitor’s IP with same intensity.

Page 23: Protecting Intellectual Property and Data Loss Prevention (DLP)

Speakers

Vern Maine

Vernon Maine, of Vern Maine & Associates, leaders in intellectual property strategies and law. Founder and managing partner of the firm. Registered to practice in New Hampshire, Massachusetts, and New York, and before the U.S. Patent and Trademark Office and the Court of Appeals for the Federal Circuit. Founded the practice in 1993, providing legal counseling, services and seminars on intellectual property and business law, including U.S. provisional, utility, and design patents, PCT patent applications, trademarks, copyrights, trade secrets, licensing, infringement, contracts, and related business matters. For more info, www.vernmaine.com

Bob Carroll

Bob Carroll has more than 20 years' experience in information technology, business consulting, data services and engineering. He has been a key contributor on projects running the gamut from the B-2 Stealth Bomber to improving student performance in New England public and private schools. His work involves selecting and implementing next generation strategies, methodologies, and technologies for clients. Most recently, Bob is focused on Data Loss Prevention, Security and Regulatory Compliance, such as Mass 201 CMR 17.00 for private sector business and public sector, such as schools and local government. See www.bobcarrollconsultant.com

Page 24: Protecting Intellectual Property and Data Loss Prevention (DLP)

Possible Implications and Why be Concerned?

• Intellectual Property – most business owners have invested their unique knowledge, experience, and creativity in their business – that should be treated as property and should be protected from competitors

• Trade Secrets OUTED – What if your confidential business deal with another company to exploit your newly developed technology is scuttled before it is announced because a competitor got wind of it and made the other party a better offer for the same technology?

• Infringing – What happens if you get a “Cease and Desist” letter from a lawyer saying you must stop using your trademark, or that your production method is infringing their patent, or that your website or marketing collateral are using their copyright protected materials?

• Infringed – What happens if your competitor launches a new service using a trademark similar to yours? What if a competitor launches a new website and it has clearly copied images or text from your website? What if you just invented a new gizmo and filed a patent application and are investing to get it into production, and your competitor comes out with a product just like it?

• Employee Obligations – What control do you have over an employee’s intellectual contributions and confidentiality during and after his or her employment ends?

• Data [Information] Loss – important and confidential information may be walking out the door or even unintentionally leaked to others; even competitors – such as client lists or information

• Compliance – HIPAA in health and benefits, FTC ‘Red Flags Rule’, GLBA and BASEL II in finance, MASS. 201 CMR 17.00, Electronic Medical records – all require protection of data/information

• Data Loss during Downsizing – As employees exit, does the corporate data? What about loss by way of temporary or contract help?

• Possible Fines – $5,000 per occurrence, and/or per person affected or compromised; in addition to a basis for a lawsuit, bad publicity, and other serious risks

• Professional Malpractice Risks – if you are an attorney, CPA, doctor, or any other professional, did you know that you are at risk for a malpractice lawsuit if you fail to adequately protect client information?

Page 25: Protecting Intellectual Property and Data Loss Prevention (DLP)

What is DLP?

Data Loss Prevention (DLP) is a computer security term referring to systems that identify, monitor, and protect data

[Diagram: data at Endpoints, In Motion, and At Rest; labels include WorldWideWeb and .qbm / .qbb files]

Page 26: Protecting Intellectual Property and Data Loss Prevention (DLP)

Data Loss Prevention Drivers

Confidential Data Types

• Customer Data: Social Sec. Num., Credit Card Data, Health Records

• Corporate Data: Financials, Mergers and acquisitions, Employee data

• Intellectual Prop.: Source code, Design documents, Work products

The Risk

• 1:400 messages contain confidential data

• 1:50 network files are wrongly exposed

• 4:5 companies lost data on laptops

• 1:2 lost data on USB devices

Page 27: Protecting Intellectual Property and Data Loss Prevention (DLP)

Areas of Concern

How concerned are you about the following sources of data leaks? (Out of a maximum rating of ‘5’)

[Chart: ratings for Accidents, Insider theft, Network penetration, Theft or loss, Espionage]

Note: Mean average ratings based on a five-point scale where 1 is “not at all concerned” and 5 is “extremely concerned”

Data: InformationWeek Analytics Data Loss Prevention Survey of 218 business technology professionals

Page 28: Protecting Intellectual Property and Data Loss Prevention (DLP)

The Concern is Well Founded

Page 29: Protecting Intellectual Property and Data Loss Prevention (DLP)

…And

Of course there is the elephant in the room that people don’t want to talk about:

Data Loss Risks During Downsizing

As employees exit, so does the corporate data

Page 30: Protecting Intellectual Property and Data Loss Prevention (DLP)

For the Non-Believers

What type of confidential, sensitive or proprietary information did you keep after leaving your former company?

Page 31: Protecting Intellectual Property and Data Loss Prevention (DLP)

How Was Data Removed?

Page 32: Protecting Intellectual Property and Data Loss Prevention (DLP)

Other Reasons for DLP?

• Most SMBs are regulated by law(s) that mandate controls over information:

– Sarbanes-Oxley (SOX) Act

– HIPAA in health and benefits

– American Recovery and Reinvestment Act (ARRA)

– FTC ‘Red Flags Rule’

– Gramm-Leach-Bliley Act and Basel II in finance

– MASS. 201 CMR 17.00

– Payment Card Industry (PCI) Data Security Standard (DSS)

Page 33: Protecting Intellectual Property and Data Loss Prevention (DLP)

So, What Should I Do?

• DLP is more than just technology

• A comprehensive initiative or Program

– Strategy

– People

– Process

– Technology

• Outline ‘DLP Recipes’ (Recommendations)

Recommendations

• Recipes for DLP

• Check Bostonbusinessalliance.com for ‘How To’s’ links, resources, and articles

Page 34: Protecting Intellectual Property and Data Loss Prevention (DLP)

Strategy

• Stakeholders and business owners need to be aware of this and understand the concepts and consequences

• Governance – What applies to your business?

– 201 CMR 17.00?

– FTC Red Flag?

– HIPAA?

• Put policies and agreements in place

Recommendations

• Start with an assessment. Where is the risk, what is the risk and how much could it cost my business?

• Adopt an acceptable Use policy – (no it is not ok to view pornography on company resources.)

• Consider Free and Open Source (Truecrypt, Pretty Good Privacy, PGP)

• Execute non-Compete, NDA, Confidentiality

Page 35: Protecting Intellectual Property and Data Loss Prevention (DLP)

People

• Most likely the biggest risk to SMB
  – If you use Temporary Labor
    • Bookkeepers
    • Paralegals
    • Clerks
    • Contract attorneys
  – If you use contractors (1099)

Recommendations

• Assign roles and responsibilities, e.g. “Data Stewards”
• Conduct initial and ongoing training and record acceptance
• Allow access on a “need to know” basis only
• PRIOR to the employee leaving, companies should monitor the employee’s access to the network or system to make sure sensitive and confidential data is not being downloaded or sent to the employee’s personal email account.

Page 36: Protecting Intellectual Property and Data Loss Prevention (DLP)

Process

• Identify your Intellectual Property and confidential data
• Are Standard Operating Procedures (SOP) or Written Information Security Program (WISP) required by law?
• Understand your processes
• Are there safeguards and audits built into the process – catching what is missing

Recommendations

• Ensure that policies and procedures clearly state former employees will no longer have access to sensitive and confidential information they used in their jobs. Enforce this!
• Where possible and practical, use standard automated workflow processes and forms. These are easier to monitor and safeguard.
• Re-think the process of how you send data and email
  – Encryption
  – sftp, https://

Page 37: Protecting Intellectual Property and Data Loss Prevention (DLP)

Technology

• Start small with the high value data
• The notion of ‘Reasonable,’ ‘Usual and Customary’
• Break up the problem:
  – Data in use (e.g., endpoint actions)
    – Lost or stolen laptops
  – Data in motion (e.g., network actions)
    – Email
    – Instant messaging
  – Data at rest (e.g., data storage)
    – Who has access
    – Secure storage

Recommendations

• Ensure that basics are in place:
  – Patches are applied, AV and malware protection, Firewalls
• Prevent access to and downloads from sensitive data
• Encryption – data, computers, and email (passwords on files ≠ encryption)
• Shift the responsibility to hosted or third parties – the cloud
• Keep your kids off ‘work’ computers and NO P2P

Page 38: Protecting Intellectual Property and Data Loss Prevention (DLP)

Questions and Answers

Page 39: Protecting Intellectual Property and Data Loss Prevention (DLP)

Call to Action

• Intellectual Property
  – Have an IP strategy component to the business plan
  – Demonstrate a top-down commitment to cultivating and protecting IP
  – Have a rational internal process for handling and safeguarding IP
  – Conduct employee training regularly
  – Document, document, document
  – Search for and evaluate competitors’ IP with the same intensity
• Data Loss Prevention
  – Understand and mitigate the risks
  – Know where information resides, especially electronic
  – Get educated
    • You have taken the first step
  – Visit Bostonbusinessalliance.com for new details and information

Page 40: Protecting Intellectual Property and Data Loss Prevention (DLP)

Closing and Adjourn

• Reminder about Boston Business Alliance
  – Visit website for suggesting Hot Topics for these types of meetings
  – Invite other small business owners and peers who might benefit
  – Register for future meetings
  – Ask us to put your name on our email list to be notified of future meetings and events
• Evaluation form
  – Please complete and leave on the table going out so that we can continuously improve

Page 41: Protecting Intellectual Property and Data Loss Prevention (DLP)

Sponsors

Website Sponsor:
Techevolution
Contact: Corey Tapper
Phone: 781-595-2040
www.techevolution.com

Facilities/Location Sponsor:
Sunbelt Business Sales & Acquisitions
Contact: Mariola Andoni
Phone: 781-932-7355
www.sunbeltne.com

Refreshment Sponsor:
Analytix Solutions
Contact: Jason Lefter
Phone: 781-503-9000
www.analytixsolutions.com

Page 42: Protecting Intellectual Property and Data Loss Prevention (DLP)

Contact Information

• Boston Business Alliance
  – www.BostonBusinessAlliance.com
  – See website for additional Contact and Member information
• Attorney Vern Maine
  – Phone: (603) 886-6100 x7007
  – Email: [email protected]
  – Website: www.vernmaine.com
• Bob Carroll
  – Phone: (617) 314-9813
  – Email: [email protected]
  – Website: www.bobcarrollconsultant.com

See our website and handouts for other contacts, along with information on Intellectual Property, Data Loss Prevention, the Boston Business Alliance, our members and our sponsors.
  – www.BostonBusinessAlliance.com

Feel free to pick up any of the handouts on the table.

Page 43: Protecting Intellectual Property and Data Loss Prevention (DLP)

Appendix Slides

Page 44: Protecting Intellectual Property and Data Loss Prevention (DLP)

Applicable Statutes and Regulations

• Sarbanes-Oxley (SOX) Visibility and disclosure regulations for public companies
• Gramm-Leach-Bliley Act of 1999 (sometimes called the financial modernization act)
• HIPAA – Health Insurance Portability and Accountability Act of 1996 places requirements on the health care industry
• FTC ‘Red Flags Rule’ – for law firms, professional services, and financial institutions
• MASS. 201 CMR 17.00 for Personal Identity Information
• PCI-DSS Payment Card Industry Data Security Standards – For processing credit cards
• FERPA - Family Educational Rights and Privacy Act – If you deal with public schools
• BASEL – Bank of International Settlements – Banking laws

Page 45: Protecting Intellectual Property and Data Loss Prevention (DLP)

Technology Terms

• Data Loss Prevention (DLP) - Data Loss Prevention (DLP) is a computer security term referring to systems that identify, monitor, and protect data: at the endpoints - in use (USB devices, laptops, PDA, iPhone), in motion (e.g., moving through the network – browsers and email), and data at rest (file systems, databases, and other storage)
• Encryption – Transforming information using an algorithm
• Firewall – A device or software designed to block unauthorized access while permitting authorized comm.
• Free and Open Source Software – An alternative to Microsoft Windows. Linux and Apache are the most famous
• https:// – Hypertext Transfer Protocol - Secure
• Malware – Malicious Software - Software that infiltrates an owner’s computer without the owner’s informed consent
• SFTP Secure File Transfer Protocol – A means of securely transmitting data
• FERPA - Family Educational Rights and Privacy Act – If you deal with public schools