Embezzlement. Identity fraud. Data loss. Copyright infringement. Hacking. Robbery. These are only a sampling of potential threats to a business—the list is long.
“There are so many different opportunities for crooks to take advantage. Everything has changed from what it was 20 years ago,” said Joe Martin, Jr., chief executive officer and co-owner of Reno-based Martin-Ross Security with Rich Ross and Jason Patterson.
Today, companies are charged with protecting their physical assets, data and intellectual property, which encompasses nearly, if not, everything related to the enterprise. To accomplish that effectively, they must employ a host of relevant security measures, from intrusion alarms to hard drive erasers to confidentiality agreements.
Physical Assets
An important part of any business is protecting the company’s physical assets—people, equipment and property—from internal and external threats, including theft, vandalism and natural disasters.
Security firms can help you identify threats to your specific business then formulate and implement custom solutions. Stanley Convergent Security Solutions, an electronic security systems provider with offices in Reno and Las Vegas, calls this a “Best Fit” approach that begins with three questions—How has your business changed? How has your facility changed? How has your product inventory changed?
“If you can think of [a threat], we can devise solutions surrounding it,” said Howard Wulforst, Stanley’s district general manager of Nevada and president of the Nevada Security Association, a non-profit trade association comprised of licensed companies in the security industry.
There are several ways to protect physical assets. Some of the primary efforts include:
Alarms
“Intrusion alarms typically are the most effective, easiest to install and the lowest-priced service,” said Jon Perry, senior vice-president and co-owner with Jonathan Fine of Henderson-based Sting Alarm Inc., a security solutions provider. He also is a Nevada Security Association Board member.
Systems range from basic to complex, and can include visible and covert cameras; fire, motion and seismic detectors; and even laser beam access control points.
Southern Nevada, Clark County and the surrounding areas have a non-response alarm policy, meaning police will respond only to verified alarms. Alarms are verified in one of two ways: by a security officer dispatched to the site or by a security company employee who sees or hears, through remote video or audio in real time, an intruder at the site.
In Northern Nevada, police in Reno and Sparks respond to alarms when they can, but businesses are fined for false alarms. To avoid these fines, some companies hire and pay a monthly fee to a security firm that responds to all alarms and involves the police only when necessary.
Video Cameras, Surveillance
“Having video cameras inside and outside your business is a must,” Martin said. Not only are they a crime deterrent but also useful for identifying criminals. Clients can opt to review video footage in-house when needed or desired. Alternatively, a company can be hired to remotely surveil the business in real time during specified time frames.
“From our central station, we are able to monitor areas typically patrolled by a guard sitting there and notify the customer of anything that happens,” Perry said.
Nowadays, digital video cameras are being tied into networks, and various security systems are being integrated. For example, cash registers can be linked to cameras to monitor all transactions. With certain applications, surveillance video can be viewed in real time on a smartphone.
Access Control Systems
Access control systems, which require a bar or access code, magnetic stripe or other card for entry, monitor the flow of traffic through a company. Additionally, individuals can be given access to certain areas and business owners can know who is in the building and where at any time.
IR Devices, GPS Tags
These devices can be clipped onto expensive merchandise, whether on site or while its being shipped. This allows whoever controls the device to know where the merchandise is at all times. If the devices are tied into a network, alerts will be sent out when the items move or the tags get removed. In the case of lost mobile phones, certain applications like Locate My Droid can remotely track, and recover or wipe data from them, as long as they’re turned on.
Awareness
Another way to know what’s happening in the vicinity of a business is through AlertID.com. This service sends alerts when there are criminal and fire threats in a neighborhood.
Data
Another necessary asset that must be protected from interception, theft, corruption and loss at the hands of hackers, competitors, employees and Mother Nature is corporate, customer and employee data stored on desktop and laptop computers, mobile devices and other office machines.
“Any device, anything on your network—printer, scanner or anything else, has the potential to become a security risk,” said Keith Adams, vice president of information technologies for Les Olson Co., which provides hardware and software sales and service related to document imaging, printing and storage.
“Everybody has skin in the game when it comes to data security, and every business should be aware of it. All types of data are at risk, and the consequences are sweeping,” he added.
There are several expert-recommended ways to protect the data on computers and mobile devices:
Networks
Networking and controlling computers through a main server rather than having them stand alone allows a business to, in part, monitor and control passwords, lock out users after a certain number of failed log-on attempts and assign specific rights to employees based on their job duties. Employees should all have and be required to use passwords (strong ones containing symbols, and upper and lower case letters) and change them regularly, say, every six or nine months.
“You have very finite control over user access and accountability,” said Mark Rouleau, managing partner of iTech Las Vegas, a network support company.
Firewalls
These devices or barriers prevent intrusions into a computer network. They protect a company’s data from the outside—professional hackers who make a living by illegally obtaining, using and selling personal data (bank account and credit card information or Social Security numbers) or other sensitive information. Remember, telecommuting employees need firewalls, too.
Today’s firewalls should have application awareness capability, meaning they can identify threats in sub-applications or prevent access to sub-applications altogether. For example, a firewall may prevent employees from watching YouTube videos through Facebook. Real-time firewall monitoring for security risks and threat remediation are a growing trend.
Closed Networks
Networks are at risk when employees are allowed to use personal devices (cellphones, jump drives, laptops, PDAs, tablets) on them or plug their own wireless access points into jacks somewhere on the premises. Prohibit these practices altogether. Prevent customers from accessing the network as well. Ensure all data jacks on company properties are dead, and configure the network so it locks out any unidentifiable devices that appear on the network.
If employees are allowed to use mobile devices, provide them, and consider banning the downloading of applications onto them. Ensure all rules related to such are outlined clearly in employee manuals and employees know them.
Encryption
Encryption, or the coding of text that requires a key to decipher, is used to protect data in transit, for example that being transferred over the Internet, cellphones, Bluetooth devices, wireless microphones and others. Encryption is available for e-mail (more and more companies are using this) and, in some current Windows operating system versions, for files and folders. In the future, expect to see information being encrypted when it leaves the computer for an output device, where it will remain secure and useless if stolen.
Back-ups
To ensure the availability and integrity of data, properly back up the computer-stored information regularly.
“In the past, the industry standard was every night during business close,” Rouleau said. “Today, we are practicing disaster recovery and performing backups in 15-minute increments, 24 hours a day.”
Data and office equipment
A little known fact is that modern office equipment, such as a multi-functional product (MFP), fax, printer, copier or scanner, transfers images to some type of internal digital storage (a hard drive or random-access memory) rather than to a drum (like in the past). This ensures original copies every time someone prints or makes a copy. This means that sensitive data is stored inside this equipment and easily accessible from hard drives Additionally, if this equipment is tied into a network, it’s at risk of attack if unprotected. There are measures to secure data transmitted through or stored in office equipment:
Location
Situate equipment in non-public places, where people walking by can’t see and access them (this is a Health Insurance Portability and Accountability Act—HIPAA—requirement).
“The hard drive is the insidious threat, but the obvious threat is the information that’s output on the machine and left there waiting for a person to pick up,” Adams said.
Networks
Limit or avoid stand-alone office machines and, instead, incorporate them into the network to employ rules-based printing. With it a business can internally control, through software, which device information gets sent to for output based on factors like its origination, location and job type.
Access Control
Some machines can be locked down when not in use. Unlocking them requires a user to enter a PIN code or swipe some type of access card at the machine. This creates a record of who used the device and when.
Job Holding
Prevent documents from sitting in an output tray for lengths of time by having jobs held inside the office machine until a user enters a PIN code to release them. Most newer devices have this print and hold function. At release, you then have the options to print and retain or print and delete.
Hard Drive, Data Destruction
At the press of a button, some office machines, like Sharp and HP’s, will erase all data off their internal hard drives and overwrite them with 0s and 1s. Always do this before moving, selling or trading in any machines. If a machine lacks this function, request the hard drive from the office equipment supplier and have it shredded or ask the supplier to erase and overwrite the hard drive.
Other machines have options for a data security kit. This allows the user to erase and overwrite data in real time (once a copy, fax, scan or print job is completed) or at scheduled times, like when the machine gets turned off at work day’s end.
Intellectual Property
“Every business has some form of intellectual property,” said Mark Tratos, intellectual property attorney, law instructor and managing shareholder of Greenberg Traurig’s Las Vegas office. But what is it exactly? Intellectual property encompasses ideas, concepts and other creations of the mind—all intangible—which can be turned into something tangible—a brand, logo, software, book and more.
“Probably the best quality the United States has possessed is encouraging businesses to be creative,” Tratos added. “Peculiarly, at the same time we do that, we don’t seem to make sure businesses know what they have to do to protect themselves in that rich environment of creativity.”
The most common threat to intellectual property is infringement, someone taking and using it without compensating the owner, passing it off as their own or creating knockoffs from it. These can result in dilution, a diminishment of the value of the distinct brand (think counterfeit medications), along with confusion of the public as to who is producing the goods and services, and what the quality will be.
“When it comes to unfair competition in all of the brand areas, who we’re really trying to protect is the public and its ability to predict the quality of the goods and services it’s buying,” Tratos said.
The five types of intellectual property, along with ways to protect them, are:
Rights of Publicity
The newest form of intellectual property, closely linked to rights of privacy, every individual has the right to control commercial use of their name, likeness, photographs and anything else that identifies their person or persona. These rights, which exist in most (including Nevada), but not all, states, can be transferred to others like heirs, and extend beyond death.
To legally protect these rights, apply to have them registered—the application is available on the Secretary of State’s Web site.
If a company wants to freely use an individual’s image or voice in an ad or promotion, obtain rights of publicity releases from them.
“It’s another level that employers now have to think about,” Tratos said.
Patents
This type of intellectual property is a set of exclusive rights the federal government grants to an inventor to make, use and sell their invention for a limited period of time.
To obtain a patent, apply with the U.S. Patent and Trademark Office (USPTO) within 12 months of its initial use or disclosure to the public.
Copyrights
This form of intellectual property includes “original works of authorship,” including literary, dramatic, musical, artistic and certain other intellectual works, both published and unpublished. Copyright, represented by the symbol ©, automatically kicks in the moment you create an original work, preventing others from infringement. This means, if you have an outside contractor develop graphic artwork for a brand, for example, per copyright rules, they, as the creator, automatically would own the work. In order to own it, have them sign up front a work-made-for-hire agreement, in which they agree to create the work but allow the person hiring them to own the rights.
To be able to enforce copyright, register specific works with the U.S. Copyright Office within five years of creating and publishing that work.
Trademarks
Trademarks protect brands — the words, names, symbols, sounds or colors that distinguish a company’s goods and services from others’. They fall into three categories: trademarks, service marks and trade dress. Trademarks, designated by ™ if not registered, apply to goods. Service marks, which may bear an SM, apply to businesses that sell one or more services as opposed to goods. Trade dress refers to the physical look related to a company’s brand, like building exteriors.
The minute a company opens, it begins to develop common law trademark rights in the area in which it’s doing business, simply by virtue of the goods and services being sold to the public. No registration is required to have enforceable rights. However, protections can be expanded by filing for a state trademark or service mark or for a national trademark or service mark (represented by the symbol ®), through the USPTO. Unlike patents, trademarks can be renewed indefinitely as long as they’re being used in commerce.
Trade Secrets
Like the recipe for Coca-Cola, these are formulas, processes, procedures, industry knowledge, customer lists and other information that a company keeps secret from competitors to gain an advantage.
Because trade secrets cannot be registered, a business must ensure they remain confidential via other means. If these secrets must be disclosed to another party, ensure they sign a confidentiality or non-circumvention agreement first.
Steps to Security
It doesn’t matter if it’s a start-up or established business, it’s always important to lend thought to intellectual property. Determining what a business can own and what can be protected is the first step to securing intellectual property. Note that under Nevada law, the employer owns any works employees create relating to their jobs. Even so, it wouldn’t hurt to clearly delineate this in an employee manual. Determine whether or not each work requires separate registration. Then, if desired, take the appropriate steps to protect those works. Specify someone in the organization to track the protections, their durations, fees and other pertinent information and how.
The Human Factor
Security mechanisms themselves tend to be fairly reliable. Problems primarily occur when and where people are involved. They fail to set alarms. They hold secure-entry doors open for strangers. They give their computer password to co-workers. They forget to remove originals from the copy machine glass. They overlook paying the renewal fees for their patent.
“Put in place security and policies, train your people and retrain them regularly,” Adams said.