Keep proprietary information safe with remote employees

Smart Business 

(by Sue Ostrowski featuring Carl Ronald)

When the economy started shutting down in March as a result of COVID-19 and employees began working remotely, keeping intellectual property and proprietary information safe didn’t top the list of companies’ concerns.

“Some businesses didn’t put procedures in place or have appropriate training classes because no one really thought the pandemic would extend as long as it has,” says Carl Ronald, shareholder at Babst Calland. “They didn’t instruct employees on how to identify important confidential information or safeguard certain proprietary documents when working from home.”

Smart Business spoke with Ronald about how to keep your company’s proprietary information safe when employees are working outside the office.

What approach should employers take to protect proprietary information?

There are different levels of confidentiality with different information, so I like to begin by identifying the information you have and classifying it accordingly. Some things are sensitive and you’d prefer them not to be disclosed, such as manufacturing schedules, production forecasts, or discounts for specific customers. But while those are things you don’t want your competitors to know, it isn’t going to be disastrous to the company if they are inadvertently disclosed.

Other information, such as a trade secret or the development of a new process that gives you a competitive advantage can devastate your business if it gets out. So, the first step is to identify the information you have and label it appropriately.

Second, businesses should train employees on the different categories of information and make sure they are treating each properly. Make sure everyone understands the importance of keeping information safe and reiterate basic steps to create barriers to access, such as not sharing passwords and using privacy screens when laptops are used in public.Third, identify employees who have access to confidential information and make sure they are bound by confidentiality agreements. While those may not ultimately prevent someone from disclosing, it makes it easier to claw back information that was improperly disclosed and it does strengthen your defense to allegations that you didn’t properly safeguard your trade secrets.

How does having employees working remotely change the equation?

Leadership should consider where employees are working and who may have access to proprietary information of the company. If an employee shares a computer at home with a child — whether a work-issued device or an employee-owned device — it is possible the child could accidentally install a key logger or some other malware that could compromise the security of the company’s infrastructure and information. Employees should use a dedicated work computer and family members should not use it without adequate safeguards.

For example, if an engineer is working from home and developing new technology on behalf of the company, who has access to that workspace? If the product may be patentable, it’s vital to keep that work from being disclosed, because disclosure could jeopardize a potential patent. It’s harder when employees are working remotely to monitor them, and you need to ensure information is treated appropriately.

It’s important to consistently remind employees to protect information and reinforce basics such as being cautious about printing documents, not leaving screens open and ensuring sensitive information isn’t shared on unsecured networks.

What other steps can companies take to protect IP?

Have a VPN connection to a secure server maintained by the company. If employees are working in a public place, have them use their phones to create hotspots that no one else can access. Involve your IT staff in talking about device use. And designate a point person for employees if they have questions about how a document should be treated.

Good information hygiene requires diligence on the part of both management and employees. It’s really important to consistently identify information you want to protect, determine how it should be protected and communicate that to employees, both through written guidance and virtual training.

For the full article, click here.