Having a data classification matrix, part of a comprehensive data classification policy, can help organizations better determine the risk level of data.

Learn what a SQL injection is, how attackers can use them to damage organizations and their data, and how to best protect against SQL injection attacks in this blog.

29 Intellectual Property Experts & NFT Experts Reveal What Businesses Should Know about NFTs and IP Protection Non-fungible tokens (NFTs) have taken the digital world by storm, and interest in NFTs remains high, especially among digital-native generations. There's also an emerging interest in NFTs by businesses for their monetization potential and immutable transaction records. We've created this collection of expert tips to provide insight into what you should know about NFTs and intellectual property protection, such as: The transfer of NFT ownership does not confer ownership of the underlying asset. Those who are not well-informed may inadvertently infringe on the owner's IP rights. NFTs have already resulted in lawsuits for IP theft, trademark infringement and dilution. As the market is immature, it's not regulated, and there's minimal case law that can be used to navigate the legal waters. Copycats are a common problem in the NFT space. Robust cybersecurity is a must for businesses minting their own NFTs to safeguard their intellectual property. ...and more. But this merely scratches the surface of the ins and outs of NFTs and how they can protect or otherwise impact intellectual property rights. To provide more insight into what you should know about NFTs and IP protection to keep your business on solid financial and legal footing, we reached out to a panel of intellectual property experts, NFT experts, and business leaders and asked them to answer this question: "What should businesses know about NFTs and IP protection?" Meet Our Panel of NFT Experts & Intellectual Property Experts: Eloisa Marchesoni William Scott Goldman Terrance Blau Laura J. Winston Dominic Harper Alex Wang Raj Kallem Kyle Hill Maxim Manturov Eric Florence Radiance W. Harris, Esq. Joris Delanoue Craig Smith Jared Stern Bob Secord Maria Rebelo Mateo Silva Chris Olson Jack G Abid Volodymyr Shchegel Yanush Zaksheuski Mike Pedrick Rylee Armond Pedro Atencio Rexor Allen Vishesh Raisinghani Chris Seline Lew Zaretzki Guy President Keep reading to learn what your business should keep in mind regarding NFTs and IP protection. Eloisa Marchesoni Eloisa Marchesoni is a tokenomics expert and angel investor. "While it may be that the disputed NFTs discussed on the web experience drastic fluctuations in value due to..." Market volatility and, in some cases, negative publicity and uncertainty over the various exploits that have targeted the owners, as well as OpenSea and similar platforms, it is highly improbable for these cases to trigger a collapse of the general NFT market. A simple reason for this is that more and more big-name brands are taking their first steps into the NFT realm: Taco Bell, Coca Cola, and Nike are just a few. For these companies, the risk of their NFTs becoming the subjects of legal action is extremely low to zero because they own all the IP rights related to the underlying works. In a nutshell, a business minting NFTs based on proprietary IP will never incur such problems. The same cannot be said for freelance creators. In fact, on January 14, 2022, luxury design house Hermès filed a lawsuit against Mason Rothschild with the Southern District Court of New York, citing multiple causes, including trademark infringement and dilution. Mason Rothschild is a digital artist who has created METABIRKINS NFTs featuring the Hermès BIRKIN handbag design, and he is now accused of IP infringement. The case is still ongoing. The novelty of the NFT marketplace means that IP case law has yet to account fully for these assets. If an individual creator wishes to mint their own NFTs but is unsure of the legal repercussions, it's good to err on the side of originality or seek specialist advice. William Scott Goldman @GoldmanLawGroup William is a Senior IP counsel at Goldman Law Group, acquiring first-hand experience in the entertainment industry, business, and branding as the founder of several successful startups. He advises creative business clients, both established and early-stage, graphic designers, advertising agencies, and other attorneys/law firms. "From a legal perspective, under U.S. law, copyright exists in the underlying work if..." It's considered original and fixed in a tangible medium of expression.For instance, paint arranged on canvas could be considered a copyrightable work. However, minting the same as an NFT simply encodes the data on the blockchain as an electronic certificate of authenticity and automatic, smart contract. In fact, on most platforms, the purchaser can only sell or transfer the NFT to others while the author reserves all rights in the underlying work, including reproduction rights, public display rights, distribution rights, and rights to derivative works. Of course, this creates a host of new legal issues. Courts are now retroactively attempting to fit this technology within the framework of existing IP case law. Specific legislation will also likely be introduced, as we've seen in the past with the advent of other cutting-edge innovations. Meanwhile, enterprising businesses and individuals will continue testing the boundaries of what is legally acceptable in this rapidly-emerging digital frontier. Terrance Blau Terry Blau is a technologist and blockchain evangelist. As a data scientist and AI researcher, Terry has led projects funded by DARPA and the NSF. Currently, he is the Technical Operations Lead at Blockchainsure, where he develops deep neural networks for dynamically-priced insurance contracts. "IP ownership is hotly debated in the blockchain community..." Libertarian-leaning maximalists tend to hate IP claims and push for open standards for everything. Others are the opposite, filing copyright, trademark, and patent claims in the U.S. and elsewhere. But going after infringers is difficult since the blockchain community is a global network. If someone copies and resells your NFT jpeg but lives in another country that doesn't recognize judgments from your courts, how do you go about stopping that? There are some sophisticated technologies you can deploy to uniquely mark specific files that are associated with specific NFTs, and that may be part of the next generation of NFTs in the marketplace. It still doesn't solve the enforcement issue, but it can make it clear whether a particular jpeg file is original or not, which is part of the overall perceived value of any NFT. Laura J. Winston @LauraWinston Laura J. Winston is the chair of the Intellectual Property Group at Offit Kurman, P.A. Laura's law practice focuses primarily in the areas of trademarks, copyrights, and the internet, representing U.S.-based and international clients, from individual business owners and small startup ventures to established publicly traded companies. "If you're thinking of minting NFTs (and who isn't these days), there are IP considerations both for..." Protecting your rights and avoiding infringement of others' rights. An NFT can be subject to IP protection similarly to more traditional assets — for example, an NFT containing original artwork and/or written content is subject to copyright protection. In order to be able to assert those rights against a copycat, it is necessary to register the copyright for your NFTs with the U.S. Copyright Office. NFTs that are sold under a particular brand are goods subject to trademark protection, and those brands will have better protection if registered as trademarks in the U.S. and other jurisdictions. Many have already done so — there are more than 4,000 U.S. trademark filings for non-fungible tokens.

Proxy servers can add an extra layer of security for users and organizations alike. In this blog, we break down how proxy servers work and what their benefits are.

Data loss prevention (DLP), especially in the cloud, will help keep your organization’s private data secure while it’s being used and shared.

When it comes to classification, not all data needs to be treated the same way. There are five common categories that organizations can follow.

Learn why organizations will need to implement security practices to protect sensitive data under the Virginia Consumer Data Protection Act (VCDPA), set to go into effect in 2023.

No matter what form they take, trade secrets can be incredibly valuable to a business. We asked 28 IP experts and business leaders what their most important tips are for keeping them safe.

Sensitive data exposures can occur at any company and can release private, secure information costing a company thousands, if not millions, of dollars. What Is Sensitive Data Exposure? Sensitive data exposure is when any protected information, like PII, logins, Social Security numbers, financial data, etc, is found and shared with unauthorized users or companies. As its name implies, sensitive data needs to be protected due to its privacy imperatives from unauthorized disclosure. Safeguards should be enacted to prevent such exposure from occurring since it can impact people’s financial or reputational well-being, in addition to possibly causing them unwarranted emotional harm. In addition to the aforementioned personally identifiable information, sensitive data includes protected health information (PHI). In general, sensitive data that organizations find valuable falls under these categories: Customer Information: This consists of any stolen information that can be used to create and build a complete customer profile. It encompasses financial information such as credit cards and CVV numbers, and bank account information. Employee Data: Login credentials, social security numbers, salary and tax information, and residential address. Intellectual Property and Trade Secrets: Proprietary company information critical to establishing a competitive advantage in the marketplace. Digital Infrastructure: This provides crucial information to hackers and criminals regarding the blueprint of digital systems, offering insight into a company’s security and the attack paths that can be used for compromise. The Difference Between Sensitive Data Exposure and a Data Breach While they typically both have the same end result — jeopardizing critical data and sensitive information, sensitive data exposure and a data breach aren’t the same. A data breach is a concerted and deliberate malicious attempt to undermine an organization’s security system to steal sensitive data and use it to compromise identities for illicit financial gain. On the other hand, sensitive data exposure is accidental, typically the result of negligence or lack of action on the part of the organization. So, while both are undesirable, it is pertinent to note that sensitive data exposure is more passive in nature, resulting in accidental exposure or leakage of data from an application. This data exposure can come from various sources due to inadequate protection, such as lax cloud-based applications or misconfigured databases leaking data. But its deficiencies can usually be resolved by safeguarding and securing the data more appropriately. However, whether it’s a data breach or sensitive data exposure, adverse cybersecurity incidents can blemish an organization’s brand reputation while eroding customer trust and loyalty. The negative publicity and appearance of incompetence also make it difficult to find partners and vendors that want to work with and be associated with the brand. How Are Applications Vulnerable to Data Exposure And How To Secure Them Data is a vital resource of competitive advantage. As a result, as company data is used and transformed into information, it usually passes through multiple stages. At any point in time, data is typically in three states, namely: data in use, data in transit, and data at rest (stored). Sensitive data has to be protected at all times. However, it is hard to keep track of data at all times, much alone protect it. That is why data is encrypted, especially when it’s at rest and in transit. File and Public Key Encryption File encryption is the general method used to protect sensitive data. For documents that need to be shared among several parties, public key encryption is commonly used to secure the sensitive data it contains. Public key encryption is ideal because it doesn’t require passwords to be stored or other secrets to be shared. Apart from file encryption, tokenization and hashing are used to protect and encrypt certain fields in databases, especially those that store password and user account credential information. All these measures bolster file and database security to ensure their data is only accessed by authenticated users. This is because it uses private keys that seamlessly decrypt the file containing the data using its associated public key while remaining privately hidden. When an organization unwittingly exposures sensitive data through a security incident, it may lead to loss, unauthorized disclosure, alteration, or accidental destruction of the sensitive data. But data in use has to be unencrypted for it to be accessed by those who need to view or modify it, meaning the file in which the data is stored has to be decrypted. However, once the file or document is opened, the data stored in it is defenseless, exposed, and vulnerable to attack. Data in use is usually the most vulnerable because it has been decrypted. Protecting Sensitive Data From Illegal Exposure There are ways to avoid making sensitive data less vulnerable. Some things are no-brainers, like avoiding storing it in plain text documents. However, the more common way data is vulnerably exposed is through poor application programming practices, storing it in insecure online systems, uploading incorrect information to databases, and infrastructure misconfigurations. Since most of these are software flaws, they can be fixed and resolved by following data exposure prevention best practices and better coding practices. Code Injection Attacks on Databases and Weak JavaScript To prevent this attack, you must ensure your database can’t be compromised or tricked into exposing sensitive data to unauthorized users. Hackers and malicious actors deploy code injection attacks to trick a database or unwitting users to provide sensitive data, primarily through SQL Injection and cross-site scripting attack vectors. Capitalizing on Weak TLS or Encryption Without SSL or properly configured HTTPS security on a website, the data stored or transmitted through it stands the risk of exposure. Other hackers could take advantage of weak encryption enforcement to perpetrate attack scenarios such as surreptitiously downgrading the connections from HTTPS to HTTP. Another attack path could involve executing request forgery attacks by intercepting requests to steal user session cookies to hijack authenticated sessions. Man-in-the-Middle (MITM) Attacks This occurs when an attacker actively eavesdrops on conversations or, more appropriately, communications between parties — amongst users or a user and an application — by making independent connections. The objective is to intercept the relay messages and possibly alter the communications, unbeknownst to the parties involved. Although MITM attacks are widespread, they tend to occur on a small scale. Furthermore, they are mainly opportunistic and don’t pose much of a threat to an organization. However, they can cause real damage if they specifically target high-value employees with access to sensitive information through reconnaissance. A MITM attack can be successful if the target carelessly uses unsecured wireless networks, for instance, in coffee shops, to transact sensitive business. Ransomware Attacks A ransomware attack is a cybersecurity attack that essentially holds an organization’s data ransom until the criminals are paid a ransom. The files containing the sensitive data are encrypted with the threat of deletion or illegal exposure if the ransom money isn’t paid promptly. Insider Threat Attacks As the name suggests, insider threats traditionally come from within the organization. They occur when an employee or insider, like a contractor or vendor, poses a security risk by either unknowingly (often due to carelessness) or maliciously exposing the organization’s sensitive data. What Compliance Standards Are Affected When a Sensitive Data Exposure Occurs? A wide range of privacy regulations have sprung up over the past several years to hold companies accountable concerning how they handle sensitive and confidential data. The most notable are the California Consumer Privacy Act (CCPA) and General Data Protection Regulation (GDPR), which require organizations to protect data in their possession at all costs or risk facing fines for non-compliance. These two have probably had the most significant impact on businesses and organizations around the globe regarding data privacy and compliance. On the healthcare front, there are the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH). HIPAA and HITECH are regulations designed to protect a patient’s health data. Both come with steep penalties and fines for organizations and healthcare providers who fail to comply. Learn How Digital Guardian Secure Collaboration Can Prevent Sensitive Data Exposure Digital Guardian Secure Collaboration is equipped to protect your sensitive data, whether at rest, in use, or in transit. This is because it uniquely uses a combination of digital rights management (DRM) and information rights management (IRM) technologies to protect sensitive data in all phases of the data lifecycle.

Inadequate cybersecurity efforts, questionable data privacy practices, and ransomware made the top headlines this past week. Catch up on the latest stories in this week's Friday Five!

Having a vulnerability management program in place - one that identifies and prioritizes fixing bugs in software - is a critical part of every organization's IT team.

What does it mean when digital content is DRM protected? We explain how DRM works and protects intellectual property in this blog.

Brute force attacks may seem old and simplistic but they're still effective. Read this blog to help your organization better understand and defend against them.

Learn about the difference between structured data and unstructured data and how to best protect it in Data Protection 101, our series on the fundamentals of information security.