I think we can all agree that COVID-19 is one of the most significant health events of our lifetime. Many of you are likely sheltering in place, working remotely, and trying to make the best of a very difficult situation. Thankfully, technology is helping make this difficult situation a bit more palatable when it comes to online legal practice, including the use of mobile devices, videoconferencing, and remote access apps and platforms. Although a great help to the practice of law, we all look forward to the day when restrictions are lifted and our practices (and economy) can get back on track and operating under more normal circumstances. What you may not realize, however, is that this pandemic is placing more than your health at risk.
Given the current restrictions in the US and many foreign countries, most of you are relying on technology to remain of service to your company (or clients). Oddly, it seems that the current pandemic restrictions have helped us leverage technology even more in our practices. It has helped us engage in more videoconference calls; remotely access, edit, and collaborate on documents; and otherwise coordinate discovery and litigation with opposing counsel and the courts electronically. With such technological capabilities, however, come equally challenging issues regarding the valuable intellectual property of your company (or client).
By now, most of you have probably heard about the security issues faced by Zoom Video Communications regarding its online video conferencing system, forcing the company to disable certain features on the popular platform. From unauthorized access of conference calls to what has become known as “zoom-bombing,” the online videoconferencing solution has faced withering criticism from the user community to address these vulnerabilities. Although most of the reported unauthorized eavesdropping on this platform appears to have been more akin to vulgar pranks than espionage, imagine a competitor or nation-state hacker gaining access to a conference call where valuable IP is being discussed. Think I am being paranoid? Think again.
Just as we have come to realize firsthand the importance of taking steps to help minimize proliferation of COVID-19, your company (and clients) need to realize the importance of remaining vigilant with their IP under these circumstances. Here are three considerations that immediately come to mind:
- Be Wary of SaaS and Remote Access Vulnerabilities. It should come as no surprise that the aforementioned security vulnerabilities are not limited to videoconferencing. Any remote access to systems that contain valuable IP harbors risk. As I have written before here and here, for example, security optimization and data compartmentalization via network segmentation is critical for any company that is permitting remote access by its personnel. Unfortunately, the COVID-19 pandemic forced many organizations to rely heavily upon existing infrastructure that may not have been hardened to such attacks. More importantly, it has forced many organizations to scramble to engage third-party providers to maintain operational continuity without a full understanding of the risks presented by the use of such platforms. Don’t remain inattentive to the details here — now, more than ever, continued diligence is key.
- Re-Assess IP Portfolio Vulnerabilities. A corollary to the above point is to re-assess where valuable IP resides and how it needs to be accessed during this pandemic. Now is not the ideal time to begin to take stock of the situation (if that is the case, your company or client is likely way behind the curve), but if such steps have not been taken already then they should be approached with gusto. Think of some of the steps taken in implementing a valid trade secret protection program as an example — at a minimum, identifying those requiring access to all (or part) of the trade-secret information, addressing necessary implementation of appropriate physical and virtual security controls to such information, and implementing the requisite audit control of such access. Like data mapping required to understand acquisition of personally identifiable information for GDPR compliance, mapping a company’s IP internally for access through the cloud is a vital step to understanding and rating specific and acceptable data risk. If the organization is unable or unwilling to do so, they do so at their own peril.
- Prepare a Post-Pandemic IP Game Plan. This point is perhaps the most problematic because it requires a somewhat apocalyptic approach. Let’s be honest: the economy has drastically slowed down as a result of the required steps to impede (if not halt) the spread of COVID-19 in the US and many countries globally. It is not a stretch to presume that when restrictions lift, the economy will not immediately rebound like nothing happened, but will likely take time to get running at full speed –- a process that will not be without its own fits and starts. Certain organizational considerations for IP acquisition pre-pandemic may no longer be viable. Pre-pandemic priorities may require significant realignment. The point here is that one of the most important things your company (or client) can do is to re-evaluate its IP commercialization strategy now so that it can adapt it to a post pandemic world.
I continue to hope and pray that everyone is weathering this COVID-19 pandemic well and is approaching the future with optimism. That said, we all need to be realistic in assessing IP risk both during this pandemic and after it passes. This may not be an easy task for many, but I promise you it is a necessary one. If you don’t inoculate your practices and IP by taking these steps, you may just find yourself wanting to stay sheltered in place from the fallout.
Tom Kulik is an Intellectual Property & Information Technology Partner at the Dallas-based law firm of Scheef & Stone, LLP. In private practice for over 20 years, Tom is a sought-after technology lawyer who uses his industry experience as a former computer systems engineer to creatively counsel and help his clients navigate the complexities of law and technology in their business. News outlets reach out to Tom for his insight, and he has been quoted by national media organizations. Get in touch with Tom on Twitter (@LegalIntangibls) or Facebook (www.facebook.com/technologylawyer), or contact him directly at firstname.lastname@example.org.
This article is sourced from : Source link