Inside job: without the right IP protection, internal abuse is a fear-inducing threat.

• Author: Green, Robert P.
• Position: IPPROTECTION

If you are a business owner or manager, you likely shoulder the responsibility to safeguard your business' assets, including information such as trade secrets and employee and customer personal information.

And while you may focus on protecting that information from outside attacks, current governmental and security agencies studies show that more than 50 percent of information-related breaches are attributed to corporate mismanagement of data or to insiders who either have too much access to such information or who abuse the access they have. These breaches include unauthorized access to information, loss of laptop and mobile devices, theft of proprietary information, and insider e-mail abuses, among others.

Such breaches can mean heavy financial and legal consequences for the company and for the managers overseeing the information that was compromised, not to mention harming relationships with existing and future customers.

The special challenge of protecting patents, trade secrets and other key information commonly classified under the umbrella of intellectual property is the need for two separate, yet dependent disciplines: technical and legal.

A company needs technical and information management professionals who can set up computer systems that will reduce the risk of harm, yet speed up the recovery time if the worst does happen.

The company also needs legal professionals who can ensure that the appropriate legal systems are in place, so employees understand their obligations and managers are ready to handle problems when they arise.

To this end, a company culture where employees and management respect each other's legal rights is imperative. The rules must be plainly stated and everyone is expected to follow them. Start with the basic: employee handbooks must contain appropriate language defining proprietary information and prohibiting employees from using or disclosing that information for any purpose other than in pursuit of the company's business. Employees should sign an acknowledgement that they have received and reviewed the handbook. Any employee with access to confidential information also should sign an agreement acknowledging that the information is the property of the company.

It's true that most companies take these basic steps. And it's also true that many companies go no further. Don't neglect other opportunities to remind employees of their obligations. Examples include discussing IP in staff meetings and exit interviews; assigning this responsibility to a manager (who's also responsible for protecting the information); and consider asking your corporate counsel to give a presentation...