To keep employees and communities safe, many businesses have given remote access to systems and data without ensuring new technologies are secure or implementing and strengthening remote work policies and procedures. Some companies are relaxing standards. This can lead to bad legal outcomes because both the Defend Trade Secrets Act and the Uniform Trade Secrets Act require parties to take reasonable measures to protect trade secrets—even during a pandemic.
Companies should clearly define what information is trade secret and what actions are expected of employees and business partners who have access to trade secrets. Plainly worded policies, contracts, and communications are key. Marking documents confidential and implementing pop-up reminders at log-in act as constant reminders that the information being accessed is confidential and must be safeguarded.
Particularly for workforces that are new to remote work and companies that are rolling out new technology, training is important.
Remote employees should be trained on securing confidential information and reminded about basic precautions like keeping sensitive documents out of camera view during video conferencing, limiting printing as much as possible, not transferring data off company servers, and securely destroying or shredding any documents that may contain confidential information.
After setting expectations and training employees, companies must make sure employees comply. Software can help monitor access and use of systems and provide alerts when an employee engages in suspicious behavior like downloading, printing, or emailing sensitive information without an obvious business justification.
Software solutions will not only help companies monitor data access and transfer but also proactively protect company information. Two-factor authentication for log-in to company systems, limiting access to sensitive data to a need-to-know basis, restricting transmission of data outside the company’s servers and systems, and protecting the company from unauthorized access by third parties are all steps to consider.
Any companies that have relaxed security standards in the name of convenience and efficiency should take the opportunity now to strengthen them again.