‘Brand & New’ Podcast Guest Encourages Practitioners to Embrace Technology to Remain Relevant

Prompted by the enormous interest today in innovation and its impact on intellectual property (IP), INTA recently introduced a new podcast, Brand & New, and has been releasing a new episode every two weeks. In each podcast, host Audrey Dauvet conducts a compelling dialogue with inspiring individuals-brand owners, IP lawyers, marketing and finance professionals, and academics-from around the world who share their thoughts on the evolution of the legal and IP ecosystem, its concepts, and all actual or potential consequences.

The latest episode, entitled “Cybersecurity: Through an Intellectual Property Lens,” features Eran Kahana, an IP and cybersecurity attorney at Maslon LLP, Minneapolis, Minnesota, a research fellow at Stanford Law School, Palo Alto, California, and a director at InfraGard (Minnesota chapter), an FBI and private partnership. He shares his experience and views about cybersecurity, the threats related to data, and potential solutions in a complex ecosystem where IP is basically everywhere and where cybercrime is increasingly alarming.

Below is a snapshot of the interview with Mr. Kahana-albeit presented in written rather than audio format. For the complete podcast and others, listen to Brand & New on iTunes, Spotify, and Stitcher.

The concept of cybersecurity is a topic of interest for large companies and governments. Beyond what we read almost every day in the news, what are the actual risks faced by companies and individuals?
Well, I think that the risks are that, with everything relying on computers these days, more and more things are becoming computerized. We see this in the rapidly growing segment of the Internet of Things. So, the more reliant we are on computers to store information and to process that information, more and more we are becoming vulnerable. So, the risks that we have are increasing in magnitude.

What are the biggest threats related to data today?
I think that the number one threat that is imposed on data or that targets data today is ransomware, which is basically a technique that tricks a user into opening a file that contains what we call malicious code. And that code goes into the user’s computer environment and locks out the access to that data, and it conditions the access to essentially paying a ransom that is usually almost always in the form of Bitcoin because it’s untraceable…There are all kinds of different variances. But what they share in common is that they aim to trick a user into clicking on a link or an attachment which triggers the malicious code.

Ransomware and the phishing that leads to ransomware I think is probably the most problematic challenge that companies face today. And it’s not just expensive, it can also cost people’s lives when, for example, a ransomware attack is directed at a hospital or other health environment or at a military installation, for example. So, there can be consequences that go way beyond just an inconvenience factor.

In the examples you give, cybersecurity breaches seem to be caused most often by ill-intentioned individual hackers located in remote countries. However, in many cases, the risks lie rather with the company’s own staff. How can companies effectively protect themselves including their rights from the inside out without losing flexibility and efficiency?
This is an ongoing challenge for any company that uses computers, which is pretty much every business these days. And there is no one thing that fixes it all. It requires a good level of diligence on the part of the many different elements of the company like the human resources department, the legal department, and the IT department. It requires having the right tools that monitor behavior. It requires training of users to make sure that they understand what they are allowed to do and what they’re not allowed to do. It requires training managers to be on the lookout for behavior [that is suspicious]… The issue is that people change jobs, and so this is not something that you do once, and you’re done with it. This requires ongoing diligence.

Among the targets of cyber hacks, lawyers are prominent… What are the main cyber risks law firms must address? And what are your common sense recommendations that are critical to protect [not only] their information but also their ethics and reputation?
… Lawyers and law firms should be vigilant, I think, as to what are best practices. They should be part of what we call information sharing organizations that share basically best practices-“This is how you do things.” And [they should] pay attention to the very same things that any other company that uses computers does. “Are there any suspicious activities on the network, things that we didn’t expect to happen?” and so forth.

Although every effort has been made to verify the accuracy of items in the INTA Bulletin, readers are urged to check independently on matters of specific concern or interest.