Any proprietary information that belongs to your business might be a “trade secret” or protected confidential information.
Trade secrets are a type of “intellectual property” owned by your business and they are protected by law. You can require people who work for you to keep trade secrets confidential.
Under federal law, a trade secret is defined as information from which your business gains “independent economic value” and which is not generally known to others. Also, you, as the owner of the information, must have taken “reasonable measures” to keep the information secret. Similar definitions also exist under the laws of most states.
While determining whether “reasonable measures” have been taken requires a fact-specific analysis, it generally includes such things as informing your employees, vendors and others about the proprietary nature of the information, noting that in business documents and employee handbooks, and transmitting the information only in secure ways, both physically and electronically.
When your team comes into the office, it’s easier to control their access and how they do and don’t share protected data. However, when some or all workers shift to teleworking, it’s a different story.
Especially in smaller businesses, many employees use personal computers or laptops at home and their own WiFi connections, which might have less security in place. The next thing you know, your trade secrets are out of your control.
The key to protecting your business is to be sure you’re taking reasonable measures to secure your trade secrets.A recent case from Illinois highlights the issue. A federal court there held that a company failed to take reasonable measures to protect its trade secrets when it gave its employees access to a shared drive, gave the same password to multiple employees, failed to encrypt files on the shared drive and didn’t restrict employees’ use of the material that contained the trade secrets.
Several other court cases have ruled similarly in cases with somewhat related fact patterns. Clearly, the risk can be even greater when employees are working from home, and that means being even more careful with your trade secrets.
Here are some suggestions on how to do it. Your business attorney can advise you on the details for your particular company.
Develop a work-from-home policy for confidential company information. Make sure it’s clear what information you’re trying to protect and ask your workers to sign the policy before you give them access.
Teach employees about cybersecurity. Give your workers guidance on malware, phishing scams and other ways information can be compromised while working online.
Add confidentiality statements when people log-in. Create a pop-up to make this apparent and consistent.
Provide company laptops for home use. It’s ideal if you can provide secure devices for your team to use at home, and allow them to log-in only through secure servers.
Create procedures for secure remote access. A great way to do this is to require two-step authentication for your team to access your networks.
Password protect all company databases. Provide a unique password for each user.
Make rules for how hard-copy information is managed. One way to do this is to tell employees they cannot print or copy company materials without your permission. They could also be required to keep files in locked file cabinets. And all documents should be shredded when they are no longer needed.
Prepare for when employees leave or are terminated. Be ready to terminate access to all networks, databases and devices if someone leaves the company under any circumstances.