The coronavirus has had an incredible negative impact across the globe. Besides the obvious medical issues, the virus has multiple side effects: closed schools, devastated the economy, multiple “stay at home” orders across the country, etc. In order to continue to do business and comply with the stay at home orders, many employers are allowing employees to work from home. While this is likely a necessary move for many companies to continue to operate, it does raise added concerns for protecting trade secrets and other confidential information.
If you are one of these employers that are allowing employees with access to trade secrets of other confidential information to work from home, then you should consider implementing one or more of the steps below:
- Written reminder to all employees that while they may be working from home (1) they are not permitted to share any trade secret or confidential information with anyone not authorized by the company to receive that information; (2) it is their obligation to keep trade secrets and confidential information secure while working from home; and (3) they should immediately report any instance where company trade secrets or confidential information may have been improperly disclosed or accessed.
- Reminding employees of the potential of malware, phishing, and other attempts to infiltrate the company’s computing systems. Employees should take additional steps to confirm the identity of those with whom they are communicating with about trade secret or confidential information. This is especially true when those individuals provide alternative or unfamiliar numbers or email addresses.
- Designate a point person to address questions about remote access and to respond to incidents of improper access to company systems or accidental disclosure of trade secrets or confidential information.
- Use a VPN or other secured portal in conjunction with two-step or multi-factor authentication for any remote access to the company’s network. Have your IT department monitor any irregular or high volume downloading of information to better guard against theft. If you do not have the capabilities internally, there are third party vendors or managed service providers that can assist with these functions.
- Prohibit access to company systems via public Wi-Fi.
- Require employees to transmit trade secrets or confidential information through secured servers or drives, like SFTP sites, that require specific credentials for those receiving the information.
- Prohibit possession of trade secrets or confidential information on any device or account that cannot be accessed remotely by the company.
- Prohibit the transmission of trade secret or confidential information through personal email, text or SMS, or social media platforms.
- Prohibit printing or copying trade secrets or confidential information without management approval while working from home and, if approved, requiring the return of such information to management upon return to work.
- Prohibit discussion of trade secrets or confidential information on non-secure video-conferencing platforms. If possible, any such video conference should be set up by the company with specific invitations to participants and unique passwords to join the conference.
- Any potential misappropriation or inadvertent disclosure of trade secrets or confidential information should be investigated immediately by the company and, if necessary, reported to the appropriate law enforcement agency.
This is not an exhaustive list of best practices and there may be additional steps that would best serve your particular circumstances. If you have questions regarding protection of your trade secrets or confidential information during these unprecedented times or if you need assistance drafting policies addressing one or more of the issues addressed above, please contact a member of our trade secret team.