Check-list: protecting intellectual property

A Guide for start-ups

Any cybersecurity specialist will say (and you will see deep sadness in their eyes at that moment) that any modern intellectual protection collapses like a house of cards under the influence of the human factor.

Some facts

In 2020, the amount of losses from cybercrime increased by 12 times and approached 450 trillion ₽ (6 trillion $). Moreover, in 95% of cases, data leakage is associated with the fact that people personally give out important information about themselves and their company.

Companies often forget about the simple steps that will protect the company and its employees by 90% from theft of intellectual property. But even more often, the executives of even super-modern-enterprise companies simply neglect the protection of company, employees and customers (search for: “Kaseya news”).

Based on the experience of AMAI we will talk about crucial things that young start-up companies need to consider, but first, an important note.

The basics

Keep in mind that every intellectual property belongs to the one who first made that particular design, code, text, etc. It’s not necessary to register copyright separately, BUT only if you can prove the fact of creation: that it was you who had first created this product of human genius. Accordingly, any employment contract includes rights repurchase (or exclusive rights) to use your labor, but not the fact of your authorship.

It is important to follow simple rules in order to always be able to prove the fact of creation and protect all intellectual property: depending on the size of the startup and the scale of your enterprise, you can choose between an easy and a difficult way of protection.

Light Level

1. Keeping the records. You should keep records of the whole process of implementation in a safe place and in a structured way. This will be enough to prove your rights for property.
2. Keeping the contract + specific NDA with the links to the tools and channels that are covered by this NDA. The more specific the better. Abstract phrases such as everything that a person does belong to the company has no legal value. In general, even in the US it is difficult to prove that your NDA has been violated, not talking about the rest of the world.
3. Give access to the tools for work only through corporate mail. Remember that emails store everything and if you send access to the crucial information to personal email, it will remain there. And you will not prove that it belongs to you.
4. For communication, use tools like Teams, Slack, Asana, Clickup, etc., and not messengers via which you can send all information to people outside in 2 clicks. The protection of private comunication will not allow you to prove that someone shared your message.
5. Manage and limit the rights at the level of all tools for work. Forget the word “public access”.
6. Sending payment through services like Upwork, Payoneer, LetsDeel, etc. will serve as additional protection for remote teams. The user agreement of this service and the very fact of the payment certified by a third party will serve as additional protection and another proof of your rights.
7. Be careful with google docks and all that. They often become the main source of information for hackers.

Hard level

1. Patent and Deposit. Anything can be deposited, while to register a patent it is necessary to prove the uniqueness of your solution. But remember that copyright is valid from the moment the product is created.
2. Separate contracts for each type of work. Some companies even manage to make a contract for a monthly sprint with each employee every time. This can be unnecessary, but it is enough to sign an act of completion every month with a clear indication of what has been done.
3. Clear project breakdown for each type of work. It acts as a checklist that by itself fixes the fact of your non-disclosure agreement.
4. Strict separation of rights. At the team level, micro-teams and specific position levels.
5. Jurisdiction. It is better to register a company in the jurisdiction where intellectual property is treated the most scrupulously. For the sake of interest, you can study the ranking of countries in accordance with the international index (Russia is in 88th place, between Ecuador and Guatemala).

Important

The protection of intellectual property often turns into a fight between employees and executives. Don’t do that. It is important to understand that by protecting the intellectual property, the company also protects the work of a particular employee. Without mutual understanding in the team, all these mechanisms are meaningless. It is also important for employees to understand that they are not the ones being protected from but the ones getting protection, because it’s the employees of the companies that are the main target for cybercriminals who want to steal the company’s data.

Photo by Valentin Petkov on Unsplash