With so many employees working remotely, businesses must be cognizant that their trade secrets and other confidential business information are at more risk. Cybersecurity is not enough to protect those secrets, experts say. Every company needs a plan in place to protect its secrets, which includes training employees properly.
Even before the coronavirus pandemic, remote workers have been on the upswing for the past 15 years, according to the Nonprofit Leadership Center in Tampa, FL, which supports other nonprofits on subjects such as COVID-19 in the business realm., So this is not an issue likely to disappear.
Companies that provide computers and other equipment to now-remote employees still allow them access to company proprietary information, but secured on company property, not on personal tablets or laptops.
“Although it’s more convenient and less expensive to let employees use their own equipment, companies can track activity on their own devices and configure them to block certain kinds of downloads and file transfers. It’s also far easier to get court approval for forensic imaging and auditing of a company-owned computer if the employee leaves or is laid-off and is suspected of stealing trade secrets,” according to The National Law Review.
“Clearly labeling what information is considered a trade secret can help deter employees from stealing,” the NLR states. “Making that classification can also serve as evidence an employee knew, or should have known, that the information was a trade secret if they need to pursue litigation against former workers.”
Businesses can also restrict access on a need-to-know basis by, for example, blocking certain departments’ access to customers databases. Companies can use software and analytics to track who is looking at what and can monitor what employees are doing on their company laptops.
Hiring a lawyer who specializes in this topic can help businesses create protections for their trade secrets using non-disclosure agreements and non-compete clauses for employment contracts. Clearly communicating to employees your business’s position on this right out of the gate is also critical to avoiding infringement on confidential information.
Recent high-profile trade secrets theft
As a recent example of trade secrets theft, the name Anthony Levandowski has been making recent headlines after the ex-Google engineer received an 18-month prison sentence Tuesday for stealing confidential information.
Levandowski, who jumped to Uber, was charged with 33 counts. He ultimately pled guilty to just one – downloading Google files on the company’s driverless program’s goals, metrics and challenges the company faced, Bloomberg reported.
“This was the biggest trade-secret crime I have ever seen,” said U.S. District Judge William Alsup in San Francisco. “It was massive in scale,” with the stolen trade secrets amounting to “a game plan that the opposing coach would love to have.”
Tips on how to keep those secrets safe
Casual estimates show that 42-56% of employees are working remotely now, said lawyer Rebecca Edelson, with Sheppard Mullin in San Francisco.
“And a lot of people are forecasting that even after the pandemic ends, people are now used to working from home, so there may be a large percentage of workers who continue to do so,’’ she said.
“Employers need to educate employees that even though they are home, this is your workplace and you need to conduct yourself accordingly, with more of a stand-at-attention mentality,” she said.
Generally, remote workers think there is no “realistic risk of misappropriation,” Edelson said. “They think, ‘I don’t need to worry, like if my neighbor is standing over my computer. He’s never going to misappropriate trade secrets.’ There is also another concern they need to be mindful of. Under trade secret law, one of the elements you need to show in order to enforce trade secrets is that you took reasonable steps to protect it as a trade secret.” Otherwise, the employer may find themselves in trouble down the line when it comes out later there was no protection plan.
Part of that plan should be continuing education, said lawyer David Prange, with Robins Kaplan in Minneapolis.
“One thing a company needs to do is continue in terms of any education programs they may have with employees to educate them about what the trade secrets are that they have, so employees know how they should be treated,’’ he said. “Regardless of whether we are in a COVID situation and working from home or not, that is something companies should do on a periodic basis.
“When you shift to having employees work from home one risk that really materializes is the communications channels,” Prange added. “Many companies have the ability for employees to log in remotely on secure channels to make communication. Make sure when you transition to a remote workforce, you realize that everyone is relying on communication technology that goes outside of the walls of the company. Where that becomes a problem is if they need to communicate with someone else, employees may then use different channels than their standard channel. They may rely on Gmail or Drop Box or other channels for communicating information.” Then, there is a potential for a company’s sensitive information to get in the wrong hands.
Remind employees they are prohibited from transmitting or maintaining confidential information except as authorized by the company, Edelson said. “Don’t use your personal email or social media when it comes to confidential information.”
Require work-from-home employees to keep their homes locked to the extent there is confidential information contained there, she said.
“They need to be vigilant in making sure others don’t have access to the confidential information. A common step is to keep a clean desk, not have your trade secrets laying around that people walking by can see. If you have a Zoom conference, you don’t want stuff sitting out.”
Also, she said, require employees working from home to turn off Alexa and Google Home, “since they are always listening.”
She also suggests remote employees be required to securely store any printed information on trade secrets until it can be transported to the office and shredded, or shred it using a home appliance.
“If it is practical for a company, you may want to set up a procedure to account for all confidential information maintained at a particular worker’s home and create a check-in, check-out mechanism on their computer,” Edelson said. “That lets an employer know who is looking at the information and when. Also, have the company’s IT department monitor where an employee downloads a significant amount of data or other unusual activity.”
When remote employees do begin to return to the office, companies need to have an onboarding process in place, Prange said.
“How are you going to onboard if you have employees working remotely and using home computers? You may want to perform a cleanup to go back and ask employees to search those computers and delete (confidential) files from personal hard drives.”
One of the more concerning finds in a study on this subject conducted by the global law firm of Baker McKenzie was that less than one-third of companies have basic measures in place to protect trade secrets. Baker McKenzie provides lawyers to help clients adapt to a constantly changing business environment.
“Unlike patents and other forms of intellectual property,” the study states, “it’s much more difficult, if not impossible, to put the genie back in the bottle once a trade secret has become public.”