Protecting Your Trade Secrets During a Crisis
By: Kayla D. Dreyer
Virtually every business has had to quickly transition to employing a remote workforce, whether partially or in full, to ensure compliance with local and state orders related to slowing down the spread of the novel coronavirus. Many companies have adapted primarily by relying on their employees’ ability to perform work on their personal devices. Thus, they have successfully maintained vital business operations during a trying time while also complying with the ever-changing legal landscape. What could go wrong? Potentially, quite a lot.
Businesses still need to be cognizant of protecting their trade secrets and confidential and proprietary information, as well as their customers’ data. The rapid conversion of the brick-and-mortar workforce to telecommuters, while keeping the economy humming along, has also made company property vulnerable to misuse and theft. There are several concrete steps a business can take to protect their confidential information during this uncertain period.
- Remind your employees of company policies concerning confidential and proprietary information. If you do not already have such written policies in place, now is an opportune time to memorialize them. For example, many companies do not want their employees to conduct business through their personal email accounts, outside of a secure server, and/or by way of a public, unsecure wi-fi access point. Most businesses also expect their employees will not utilize its trade secrets or confidential and proprietary information for the employees’ own benefit, either during or after the employment relationship has ended. Some employers may believe these restrictions are just common sense or should be understood by employees. However, these rules and expectations concerning company information should be communicated in writing to your workforce through either an employee handbook or separate policy. Employers should consider asking employees with access to more sensitive information to execute a separate non-disclosure or confidentiality agreement, in addition to complying with company policies.
- Issue a “Bring Your Own Device” (BYOD) policy. If your employees are utilizing their personal devices to conduct work, it is best practice to establish a BYOD policy that sets forth, among other things, the principle that the company owns all work-related information on an employee’s personal device, and that all work-related information stored on the personal device must be returned when the employment relationship ends. We have previously provided some great tips about the care employers should take when asking employees to use their own devices. Now is a great time to review that advice and ensure your company is exercising best practices.
- Review your information technology security protocols with your IT team. They are the experts and should educate you about any potential vulnerability you could possibly face as a result of recent changes in your operations, as well as any solutions that can be implemented. For example, a business that is asking its employees to perform work on their personal devices may be able to restrict a user’s ability to save files locally or on an external data storage device (such as a USB drive) through a simple, remote software installation or update. One may be surprised about the potential options available to control the dissemination of an employer's property accessed from employees’ personal devices.
- Ensure that your employees utilize a secured, end-to-end encrypted platform for any video-teleconferencing (VTC). Employers should become familiar with their respective proprietary VTC platform(s) and instruct their employees on how to make the connection as secure as possible. At a minimum, employees should restrict access to any conference rooms to invitees only and require authentication to enter the room. There are a host of available platforms out there that satisfy these requirements, some of which have been deemed HIPAA-compliant and may be used by medical professionals. The FBI recently issued recommendations for strengthening VTC cybersecurity efforts and mitigating threats from bad actors.
Each business has unique needs and circumstances, and not every protocol may look the same. With careful consideration and planning, as well as strong collaboration with your IT, HR, and legal teams, you can protect your trade secrets and ensure the longevity of your business during any emergency, including a pandemic. For more information on this topic, contact the author of this post, or visit our Trade Secrets & Non-Compete Disputes Practice page to find an attorney in your area.