June 29, 2020

June 22, 2020

june 15, 2020

june 10, 2020

june 8, 2020

June 4, 2020

may 29, 2020

may 28, 2020

may 27, 2020

may 15, 2020

may 14, 2020

may 12, 2020

may 8, 2020

may 6, 2020

may 5, 2020

may 4, 2020

may 1, 2020

april 29, 2020

april 24, 2020

April 23, 2020

april 21, 2020

april 17, 2020

april 16, 2020

april 15, 2020

April 14, 2020

APRIL 13, 2020

APRIL 10, 2020

APRIL 9, 2020

april 8, 2020

april 7, 2020

April 3, 2020

april 2, 2020

april 1, 2020

March 31, 2020

march 30, 2020

March 27, 2020

March 26, 2020

march 25, 2020

march 24, 2020

march 23, 2020

MARCH 21, 2020

MARCH 20, 2020

MARCH 19, 2020

MARCH 18, 2020

MARCH 17, 2020

MARCH 16, 2020

MARCH 5, 2020

Maintaining Your Trade Secrets During the Coronavirus Crisis

RICHARD REICE
APRIL 10, 2020


Many offices around the country are closed and workers are sheltering in place due to government issued quarantine and stay-at-home orders. Nevertheless, employees who can are telecommuting. But as a result, confidential information—once reserved for company servers or desks in the workplace—has now found its way onto personal computers and kitchen tables. Which means the time is ripe to remind your employees of the need to maintain the confidentiality of your sensitive materials.

Toward that end, Michelman & Robinson encourages you to consider the following 10 action items that could serve to protect your trade secrets.

  1. Reissue—via email—your company’s electronic use and confidentiality policies to all employees. In doing so, make sure the policies specifically speak to the challenges of working from home and the need to remain vigilant. It is important that you remind employees that their obligation to maintain company secrets is ongoing, which means they are not to share confidential information with unauthorized personnel, or give access to their personal or company computers to other members of their household or anyone else while working remotely.

  2. Educate your employees how to spot phishing attempts or other fraudulent schemes designed to infiltrate company computing systems.

  3. Work with your IT department to issue protocols for the storage of company documents on personal computers. This may include setting up a virtual desktop infrastructure (VDI) or mobile device management protocol to ringfence company data from personal materials. Private cloud storage is also a viable option to ensure that company-owned information is protected from outside access.

  4. Insist that employees use strong passwords, and that their computers (1) auto-lock after brief periods of inactivity and (2) are equipped with company-provided anti-virus and protective software. In addition, you should encourage regular backups and establish protocols for immediate reporting of lost or stolen devices. Of course, employees will need to be trained to carry out all of these procedures.

  5. While employees generally have no right to privacy in the workplace, they do have an expectation of privacy in and to their personal computing devices—their homes as well, even when they become alternate work sites. For this reason, think about having your employees read and sign an online acknowledgement form giving you access to their personal devices for the limited purpose of locating and securing company documents. Within the acknowledgement, you should be transparent as to why the company feels such access is important, and make it clear that the company reserves the right to inspect employee devices if it has reason to suspect a security breach (or in order to conduct a security audit). While you are at it, inform employees about what may and may not get wiped from their devices should their duties change or if they leave the company.

    You should understand that accessing your employees’ personal devices is a delicate subject. Thus, before allowing employees to retrieve company data on their own computers, tablets, or smartphones, be sure all parties—management and IT included—are explicitly clear on the aforementioned rules. And to the extent there is crossover between company and personal information on any given device, let your employees know how their private (non-company) data will be protected.

  6. Implement guidelines and an IT hotline to be used if an employee loses a device or suspects he or she has been hacked, or in any instance where company trade secrets or confidential information may have been improperly disclosed or otherwise compromised.

  7. Institute rules about remote printing, document storage, and the proper disposal of company documents (in file form or hard copy).

  8. Establish protocols for video conferencing, including security passwords and private spaces. In addition, given recent reporting in the press, be cognizant of issues, if any, regarding the security integrity of your video conference platform.

  9. While this might seem ripped from a James Bond thriller, participants on video conferences and emails may want to use code names for highly sensitive or confidential products or projects.

  10. Given our new, higher risk environment, you may want to purchase a policy of cybersecurity insurance. This type of coverage is designed to mitigate losses from a variety of cyber incidents, including data breaches, business interruption, and network damage.

    As always, M&R stands ready to help you address all of these issues, including the design of privacy policies and cyber security insurance procurement and evaluation.

We are working diligently to keep our clients up to date on coronavirus-related developments. Nevertheless, these developments are changing daily and, in some cases even hourly, so it is important that you make sure you are dealing with the most current information. That being said, this alert is not offered, and should not be relied on, as legal advice. You should consult an attorney for guidance and counsel regarding any specific concern or situation.