While the nation has been in various states of lock down due to COVID-19, have you thought about protecting trade secrets during a pandemic?
In order to protect the health and safety of their workforce, many employers have been allowing employees to work remotely. According to a recent poll by Gallup, 62% of American workers have worked from home during the COVID-19 crisis, a figure that doubled from mid-March, and the trend may continue on for some time as states cautiously lift or relax stay-at-home orders. Working from home may become more of the norm as some companies are choosing to allow employees to work from home for extended periods of time even after stay-at-home orders have been lifted (e.g., tech giants Facebook and Google are allowing some employees to work from home through the end of this year and Twitter and Shopify are allowing employees to work from home indefinitely).
Protecting Trade Secrets During a Pandemic
Remote working situations present unique challenges to keeping trade secrets safe. Trade secret law can protect information that is valuable and provides a business with an edge over the competition because the information is not known to the public. (Click here for more information on what is a trade secret). However, to warrant this protection, companies must show that they have taken reasonable measures to keep their valuable information secret. It is important for business owners to remember to keep security tight during the pandemic, whether dealing with employees working remotely or transitioning the workforce back into the office. Further, employers should be aware of the risks of trade secret theft that arise when dealing with employees who have been laid off as a result of the pandemic.
Here are a few practical steps companies can take to protect their trade secrets during these unprecedented times:
- Identify what needs protection and restrict access to it.
Trade secrets derive their value from being just that – secret. To minimize the potential risk of exposure, limit who has access to confidential and/or sensitive business information to only those company members who need-to-know that information. Also consider making sensitive files or confidential documents read-only to prevent unauthorized downloads, using password protection or authentication processes to restrict unauthorized access to certain files, or prohibiting the use of personal electronic devices to access company information.
- Establish (or re-iterate) a remote-working policy.
Establish and implement internet, computer, and email usage policies regulating employees’ access to company systems. Include these new policies in any employee training manuals, handbooks, or agreements that the company utilizes. If these policies are already in place, remind employees of their obligations as described in the existing policies and/or employment agreements. Employers should consider having employees electronically sign acknowledgements of such policies using an electronic signature program such as DocuSign.
- Train employees on the prevention of disclosure of confidential and/or sensitive information.
Remind employees of their confidentiality obligations. Host on-line training sessions about device security, avoiding cyberattacks, preventing the disclosure of confidential business information, and adhering to the remote-work policies.
- Employ electronic and physical security measures.
During the scramble to accommodate remote access to company servers, some companies may not have had the opportunity to set up robust measures to ensure the security of their systems. Home Wi-Fi networks are usually much less secure than the networks in the office environment. Require employees to use a VPN (virtual private network) to securely access files from the company’s network. Companies should also require employees to use only approved video and teleconferencing technology. Additionally, companies should ensure that any applicable security measures are implemented when the conferencing technology is in use.
- Educate employees on security awareness inside and outside of the home.
Although the working environments for individual employees are different, oftentimes there will be other people present during working hours. The security of physical files and paperwork containing confidential or proprietary information can be an issue in these shared spaces. Keeping conversations secret in a shared environment poses an additional risk in a work-from-home situation. Also, keeping digital data safe can be problematic when using less secure home Wi-Fi networks. While working remotely, employees should be trained to take precautions to protect sensitive business information, such as:
- Having conversations, meetings, and/or videoconferences behind closed doors.
- Maintaining physical control over confidential or sensitive documents. Employees should use the “clean desk” rule by keeping confidential paperwork filed away (in a locked drawer or cabinet if possible) and not laying on the desktop.
- Promptly removing paperwork from shared or family printers.
- Locking the screen when stepping away from the computer or using screen protectors to shield computer screens from anyone who is not looking directly at the display.
- Not allowing others to use work devices, including external storage devices such as USB drives.
- Making sure the home Wi-Fi network is password protected and not accessible to outside third parties.
- Refraining from sending sensitive information over public Wi-Fi networks. Using public Wi-Fi networks can expose the company to “man-in-the-middle” attacks, during which hackers can read the data transmitted from a computer over a public network.
- Have plans in place for when leaks are detected.
Companies should have contingency plans and procedures in place in the unfortunate event that a leak of sensitive information is detected.
As always, please let us know if we can help.
Thank you Nicole Holtzapple for contributing to this blog.