Resources

Blog

The Complete Guide to Brand Protection

Brand protection is a high priority for companies. If your brand’s reputation is tarnished, sales may drop due to the brand’s poor image. Why Is Brand Protection Important? Brand protection is important because it allows a company to protect its image by removing copycats from the marketplace, which possibly tarnishes the reputation of its products or services. Brand protection encompasses a series of actions taken by a right holder to prevent the intellectual property associated with their brand from being abused by third parties. The perpetrators are typically bad actors like counterfeiters and copycats who illegally infringe on a brand name, brand identity, and intellectual property for personal and financial gain. These are the core elements that constitute a brand and brand protection: Intellectual Property (IP): Brands use all manner of IP to safeguard assets associated with the brands. These typically include patents, copyrights, trademarks, and so on. According to the 2017 report by The Commission on the Theft of American Intellectual Property, US businesses lose approximately $600 billion through various manner of intellectual property theft such as pirated software, counterfeited goods, and stolen trade secrets. Reputation: A brand is coveted because it represents how the general public perceives a company, the quality of its products, its values, and its standing in the community. As a result, companies work hard to build, preserve, protect and embellish their brand reputation. The Benefits of Brand Protection Brand protection provides many direct benefits and ancillary benefits. Improved Sales and Revenue Businesses can generate more sales and boost their revenue without scammers, forgers, and counterfeit products eating into sales and financial opportunities. Increased Profit Margins Automated brand protection strategically puts mechanisms and systems in place to detect, monitor, and forestall attempts at copyright infringement. Since low-quality products have been removed or prevented from proliferation, customers would be more likely to spend on reliable, high-quality products. This saves businesses valuable time and frees up valuable energy and money in the form of profit that would have otherwise been chipped away by fighting the illegal shenanigans of unscrupulous actors. Improved Reputation and Partnerships When a business and its products are no longer associated with mediocrity due to fake goods, it generates goodwill among the public. Furthermore, this leads to an improved reputation, creating more customer loyalty. As a result, retailers, vendors, distributors, and other partners will be more likely to engage in partnerships with the business and its associated brands. The Threats To Brand Reputation And Image Threats to brand reputation come in various forms and are manifested in intellectual property theft, copyright infringement, and all many other nefarious counterfeitings. Copyright Piracy: This encompasses the infringement of copyrighted work through unauthorized activity such as copying, display, performance, and/or illegal distribution. Counterfeiting: Counterfeiting encompasses broad-based illegal activities that typically involve some of the following:Illegal labeling and violations of trademarks, patents, copyrights, and design rights to deceive consumers that the product or business is affiliated with the legitimate brand.Unauthorized manufacture and distribution of illicit goods under another person’s or brand’s name without permission. Patent Theft: Infringing on patent rights by using a patented product without permission or license. Grey Market or Parallel Market: This is the sale of legitimate goods without the trademark owner’s consent in a certain market or economic area. The goods are effectively diverted outside the official distribution channels without the trademark holder’s approval. Trademark Abuse: This includes brand impersonation schemes. Brandjacking: This is the unauthorized use of a company’s brand, often through online impersonation that assumes the brand’s identity. In our increasingly digital-inhabited society, social media impersonation is becoming more rampant. Brandjacking skirts the line of criminality, but it is an underhanded method that usually involves leveraging another business’s brand for one’s own marketing purposes. Brand Impersonation: As the name implies, brand impersonation occurs when unscrupulous parties impersonate a valued brand with the objective of tricking unsuspecting victims into fraudulent business transactions. Trademark Squatting: This happens when someone other than the valid brand owner registers a trademark. Threat Intelligence Steps to Establish Brand Protection Companies usually follow the process below as a course of action to pursue effective brand protection. Detection Organizations must be vigilant by continuously monitoring their online properties and investigating any possible abuse or infringement of their brand’s position. This involves discovering rogue websites, fake social media profiles, and counterfeit e-commerce listings. Implementing security software for anti-phishing to prevent impersonations that are often a precursor to brand infringements. In addition to scouting the internet for online infringement, they must investigate attempts to perpetrate IP violations in brick-and-mortar establishments. In essence, this phase of brand protection involves detecting risks early and alerting the relevant authorities when violations occur. Most often than not, the threat intelligence used here typically involves various aspects of cybersecurity defenses and monitoring. Validation This process involves verifying and confirming that the IP and copyright abuses identified are valid. This is important because while an organization vigorously enforces IP rights, it should ensure compliant companies aren’t penalized or subjected to undue burdens. Proactive cybersecurity measures are instituted to validate, anticipate, and prevent potential brand infringement threats. Enforcement Brand protection involves compelling compliance, so organizations have a role in ensuring laws and obligations are adequately followed in protecting their IP. This may include working with the relevant authorities to close illicit product listings, shut down rogue websites, remove misleading online postings, and take down fake social media accounts. Reporting Organizations need to have an inventory of the status of their intellectual property and the scope of violations, along with actionable information to improve their brand protection and security posture. How Do Data Breaches Affect Brand Protection? Data breaches inflict incalculable damage to business brands. According to IBM’s 2022 Cost of Data Breach Report, a data breach’s average cost has skyrocketed to $4.24 million. While financial estimates are easier to pin down, other debilitating impacts are more difficult to quantify, such as reputational damage and the destruction of customer trust and goodwill. Reputational Damage Brands are based on reputation generated by sustained goodwill — or lack thereof — with the general public. As a result, brands are understandably sensitive to anything that erodes their hard-earned reputation. Unfortunately, reputational damage resulting from cybersecurity breaches is not an isolated affair since as much as 46% of organizations have been impacted. A data breach can cause a serious dent in a brand image that is very hard to recover from, especially for smaller businesses that don’t have the marketing or PR power to counter negative publicity. Data Breach Damages Consumer Trust One of the worst things IP assaults on brands do, whether through counterfeit products or data breaches, is massively undermining the trust and goodwill of the brand. While brands jealously guard their reputation, data breaches are more insidious because, in addition to financial damage, they often result in broken customer trust, which is difficult to repair. This damage is worsened by the fact that negative customer sentiments can quickly spread through online reviews and social media. Data breaches signal to the public that the affected organization cannot be trusted as a custodian of customer data, including personally identifiable. Worse, it may build a narrative, whether justifiable or not, that the organization is careless or doesn’t take security seriously. Loss of Competitive Advantage A successful brand gives the business a competitive advantage that competitors in the same market or industry cannot easily replicate. This is because, in addition to its distinct features, the intangible value, benefits, and emotional bond a brand forges with customers make it challenging for competitors to copy willy-nilly. However, a data breach undermines a brand’s wholesome image and, in turn, can weaken its competitive advantage.
Blog

What Should Businesses Know About NFTs and IP Protection?

29 Intellectual Property Experts & NFT Experts Reveal What Businesses Should Know about NFTs and IP Protection Non-fungible tokens (NFTs) have taken the digital world by storm, and interest in NFTs remains high, especially among digital-native generations. There's also an emerging interest in NFTs by businesses for their monetization potential and immutable transaction records. We've created this collection of expert tips to provide insight into what you should know about NFTs and intellectual property protection, such as: The transfer of NFT ownership does not confer ownership of the underlying asset. Those who are not well-informed may inadvertently infringe on the owner's IP rights. NFTs have already resulted in lawsuits for IP theft, trademark infringement and dilution. As the market is immature, it's not regulated, and there's minimal case law that can be used to navigate the legal waters. Copycats are a common problem in the NFT space. Robust cybersecurity is a must for businesses minting their own NFTs to safeguard their intellectual property. ...and more. But this merely scratches the surface of the ins and outs of NFTs and how they can protect or otherwise impact intellectual property rights. To provide more insight into what you should know about NFTs and IP protection to keep your business on solid financial and legal footing, we reached out to a panel of intellectual property experts, NFT experts, and business leaders and asked them to answer this question: "What should businesses know about NFTs and IP protection?" Meet Our Panel of NFT Experts & Intellectual Property Experts: Eloisa Marchesoni William Scott Goldman Terrance Blau Laura J. Winston Dominic Harper Alex Wang Raj Kallem Kyle Hill Maxim Manturov Eric Florence Radiance W. Harris, Esq. Joris Delanoue Craig Smith Jared Stern Bob Secord Maria Rebelo Mateo Silva Chris Olson Jack G Abid Volodymyr Shchegel Yanush Zaksheuski Mike Pedrick Rylee Armond Pedro Atencio Rexor Allen Vishesh Raisinghani Chris Seline Lew Zaretzki Guy President Keep reading to learn what your business should keep in mind regarding NFTs and IP protection. Eloisa Marchesoni Eloisa Marchesoni is a tokenomics expert and angel investor. "While it may be that the disputed NFTs discussed on the web experience drastic fluctuations in value due to..." Market volatility and, in some cases, negative publicity and uncertainty over the various exploits that have targeted the owners, as well as OpenSea and similar platforms, it is highly improbable for these cases to trigger a collapse of the general NFT market. A simple reason for this is that more and more big-name brands are taking their first steps into the NFT realm: Taco Bell, Coca Cola, and Nike are just a few. For these companies, the risk of their NFTs becoming the subjects of legal action is extremely low to zero because they own all the IP rights related to the underlying works. In a nutshell, a business minting NFTs based on proprietary IP will never incur such problems. The same cannot be said for freelance creators. In fact, on January 14, 2022, luxury design house Hermès filed a lawsuit against Mason Rothschild with the Southern District Court of New York, citing multiple causes, including trademark infringement and dilution. Mason Rothschild is a digital artist who has created METABIRKINS NFTs featuring the Hermès BIRKIN handbag design, and he is now accused of IP infringement. The case is still ongoing. The novelty of the NFT marketplace means that IP case law has yet to account fully for these assets. If an individual creator wishes to mint their own NFTs but is unsure of the legal repercussions, it's good to err on the side of originality or seek specialist advice. William Scott Goldman @GoldmanLawGroup William is a Senior IP counsel at Goldman Law Group, acquiring first-hand experience in the entertainment industry, business, and branding as the founder of several successful startups. He advises creative business clients, both established and early-stage, graphic designers, advertising agencies, and other attorneys/law firms. "From a legal perspective, under U.S. law, copyright exists in the underlying work if..." It's considered original and fixed in a tangible medium of expression.For instance, paint arranged on canvas could be considered a copyrightable work. However, minting the same as an NFT simply encodes the data on the blockchain as an electronic certificate of authenticity and automatic, smart contract. In fact, on most platforms, the purchaser can only sell or transfer the NFT to others while the author reserves all rights in the underlying work, including reproduction rights, public display rights, distribution rights, and rights to derivative works. Of course, this creates a host of new legal issues. Courts are now retroactively attempting to fit this technology within the framework of existing IP case law. Specific legislation will also likely be introduced, as we've seen in the past with the advent of other cutting-edge innovations. Meanwhile, enterprising businesses and individuals will continue testing the boundaries of what is legally acceptable in this rapidly-emerging digital frontier. Terrance Blau Terry Blau is a technologist and blockchain evangelist. As a data scientist and AI researcher, Terry has led projects funded by DARPA and the NSF. Currently, he is the Technical Operations Lead at Blockchainsure, where he develops deep neural networks for dynamically-priced insurance contracts. "IP ownership is hotly debated in the blockchain community..." Libertarian-leaning maximalists tend to hate IP claims and push for open standards for everything. Others are the opposite, filing copyright, trademark, and patent claims in the U.S. and elsewhere. But going after infringers is difficult since the blockchain community is a global network. If someone copies and resells your NFT jpeg but lives in another country that doesn't recognize judgments from your courts, how do you go about stopping that? There are some sophisticated technologies you can deploy to uniquely mark specific files that are associated with specific NFTs, and that may be part of the next generation of NFTs in the marketplace. It still doesn't solve the enforcement issue, but it can make it clear whether a particular jpeg file is original or not, which is part of the overall perceived value of any NFT. Laura J. Winston @LauraWinston Laura J. Winston is the chair of the Intellectual Property Group at Offit Kurman, P.A. Laura's law practice focuses primarily in the areas of trademarks, copyrights, and the internet, representing U.S.-based and international clients, from individual business owners and small startup ventures to established publicly traded companies. "If you're thinking of minting NFTs (and who isn't these days), there are IP considerations both for..." Protecting your rights and avoiding infringement of others' rights. An NFT can be subject to IP protection similarly to more traditional assets — for example, an NFT containing original artwork and/or written content is subject to copyright protection. In order to be able to assert those rights against a copycat, it is necessary to register the copyright for your NFTs with the U.S. Copyright Office. NFTs that are sold under a particular brand are goods subject to trademark protection, and those brands will have better protection if registered as trademarks in the U.S. and other jurisdictions. Many have already done so — there are more than 4,000 U.S. trademark filings for non-fungible tokens.
Video

Why Digital Guardian?

Get a picture of our data-centric approach to securing sensitive information at the world's most innovative, influential companies.
On-Demand Webinar

Extending Microsoft Purview Information Protection Through DLP

Data is what fuels business today. Whether your emphasis is regulated data such as PCI, PHI, PII, or intellectual property – it is one of your most valuable assets. The complex blend of high value assets on multiple platforms makes data protection one of the biggest challenges your organization may face – so how do you make it easy?Microsoft Purview Information Protection (MIP) delivers a set of...
Blog

What Is a Sensitive Data Exposure vs. a Data Breach?

Sensitive data exposures can occur at any company and can release private, secure information costing a company thousands, if not millions, of dollars. What Is Sensitive Data Exposure? Sensitive data exposure is when any protected information, like PII, logins, Social Security numbers, financial data, etc, is found and shared with unauthorized users or companies. As its name implies, sensitive data needs to be protected due to its privacy imperatives from unauthorized disclosure. Safeguards should be enacted to prevent such exposure from occurring since it can impact people’s financial or reputational well-being, in addition to possibly causing them unwarranted emotional harm. In addition to the aforementioned personally identifiable information, sensitive data includes protected health information (PHI). In general, sensitive data that organizations find valuable falls under these categories: Customer Information: This consists of any stolen information that can be used to create and build a complete customer profile. It encompasses financial information such as credit cards and CVV numbers, and bank account information. Employee Data: Login credentials, social security numbers, salary and tax information, and residential address. Intellectual Property and Trade Secrets: Proprietary company information critical to establishing a competitive advantage in the marketplace. Digital Infrastructure: This provides crucial information to hackers and criminals regarding the blueprint of digital systems, offering insight into a company’s security and the attack paths that can be used for compromise. The Difference Between Sensitive Data Exposure and a Data Breach While they typically both have the same end result — jeopardizing critical data and sensitive information, sensitive data exposure and a data breach aren’t the same. A data breach is a concerted and deliberate malicious attempt to undermine an organization’s security system to steal sensitive data and use it to compromise identities for illicit financial gain. On the other hand, sensitive data exposure is accidental, typically the result of negligence or lack of action on the part of the organization. So, while both are undesirable, it is pertinent to note that sensitive data exposure is more passive in nature, resulting in accidental exposure or leakage of data from an application. This data exposure can come from various sources due to inadequate protection, such as lax cloud-based applications or misconfigured databases leaking data. But its deficiencies can usually be resolved by safeguarding and securing the data more appropriately. However, whether it’s a data breach or sensitive data exposure, adverse cybersecurity incidents can blemish an organization’s brand reputation while eroding customer trust and loyalty. The negative publicity and appearance of incompetence also make it difficult to find partners and vendors that want to work with and be associated with the brand. How Are Applications Vulnerable to Data Exposure And How To Secure Them Data is a vital resource of competitive advantage. As a result, as company data is used and transformed into information, it usually passes through multiple stages. At any point in time, data is typically in three states, namely: data in use, data in transit, and data at rest (stored). Sensitive data has to be protected at all times. However, it is hard to keep track of data at all times, much alone protect it. That is why data is encrypted, especially when it’s at rest and in transit. File and Public Key Encryption File encryption is the general method used to protect sensitive data. For documents that need to be shared among several parties, public key encryption is commonly used to secure the sensitive data it contains. Public key encryption is ideal because it doesn’t require passwords to be stored or other secrets to be shared. Apart from file encryption, tokenization and hashing are used to protect and encrypt certain fields in databases, especially those that store password and user account credential information. All these measures bolster file and database security to ensure their data is only accessed by authenticated users. This is because it uses private keys that seamlessly decrypt the file containing the data using its associated public key while remaining privately hidden. When an organization unwittingly exposures sensitive data through a security incident, it may lead to loss, unauthorized disclosure, alteration, or accidental destruction of the sensitive data. But data in use has to be unencrypted for it to be accessed by those who need to view or modify it, meaning the file in which the data is stored has to be decrypted. However, once the file or document is opened, the data stored in it is defenseless, exposed, and vulnerable to attack. Data in use is usually the most vulnerable because it has been decrypted. Protecting Sensitive Data From Illegal Exposure There are ways to avoid making sensitive data less vulnerable. Some things are no-brainers, like avoiding storing it in plain text documents. However, the more common way data is vulnerably exposed is through poor application programming practices, storing it in insecure online systems, uploading incorrect information to databases, and infrastructure misconfigurations. Since most of these are software flaws, they can be fixed and resolved by following data exposure prevention best practices and better coding practices. Code Injection Attacks on Databases and Weak JavaScript To prevent this attack, you must ensure your database can’t be compromised or tricked into exposing sensitive data to unauthorized users. Hackers and malicious actors deploy code injection attacks to trick a database or unwitting users to provide sensitive data, primarily through SQL Injection and cross-site scripting attack vectors. Capitalizing on Weak TLS or Encryption Without SSL or properly configured HTTPS security on a website, the data stored or transmitted through it stands the risk of exposure. Other hackers could take advantage of weak encryption enforcement to perpetrate attack scenarios such as surreptitiously downgrading the connections from HTTPS to HTTP. Another attack path could involve executing request forgery attacks by intercepting requests to steal user session cookies to hijack authenticated sessions. Man-in-the-Middle (MITM) Attacks This occurs when an attacker actively eavesdrops on conversations or, more appropriately, communications between parties — amongst users or a user and an application — by making independent connections. The objective is to intercept the relay messages and possibly alter the communications, unbeknownst to the parties involved. Although MITM attacks are widespread, they tend to occur on a small scale. Furthermore, they are mainly opportunistic and don’t pose much of a threat to an organization. However, they can cause real damage if they specifically target high-value employees with access to sensitive information through reconnaissance. A MITM attack can be successful if the target carelessly uses unsecured wireless networks, for instance, in coffee shops, to transact sensitive business. Ransomware Attacks A ransomware attack is a cybersecurity attack that essentially holds an organization’s data ransom until the criminals are paid a ransom. The files containing the sensitive data are encrypted with the threat of deletion or illegal exposure if the ransom money isn’t paid promptly. Insider Threat Attacks As the name suggests, insider threats traditionally come from within the organization. They occur when an employee or insider, like a contractor or vendor, poses a security risk by either unknowingly (often due to carelessness) or maliciously exposing the organization’s sensitive data. What Compliance Standards Are Affected When a Sensitive Data Exposure Occurs? A wide range of privacy regulations have sprung up over the past several years to hold companies accountable concerning how they handle sensitive and confidential data. The most notable are the California Consumer Privacy Act (CCPA) and General Data Protection Regulation (GDPR), which require organizations to protect data in their possession at all costs or risk facing fines for non-compliance. These two have probably had the most significant impact on businesses and organizations around the globe regarding data privacy and compliance. On the healthcare front, there are the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH). HIPAA and HITECH are regulations designed to protect a patient’s health data. Both come with steep penalties and fines for organizations and healthcare providers who fail to comply. Learn How Digital Guardian Secure Collaboration Can Prevent Sensitive Data Exposure Digital Guardian Secure Collaboration is equipped to protect your sensitive data, whether at rest, in use, or in transit. This is because it uniquely uses a combination of digital rights management (DRM) and information rights management (IRM) technologies to protect sensitive data in all phases of the data lifecycle.
Blog

Friday Five 11/18

Inadequate cybersecurity efforts, questionable data privacy practices, and ransomware made the top headlines this past week. Catch up on the latest stories in this week's Friday Five!