Using Remote Workers? Protect Sensitive Company Data from Exposure

William H. Shawn, Co-Managing Partner, ShawnCoulson

What seemed at first like a temporary COVID-19-driven work-from-home trend isn’t expected to end when health risks are mitigated, some surveys suggest. For example, one-third of employers expect that at least half of their employees will work remotely in the post-COVID era, though not necessarily every day of the week, according to a recent survey by the HR consulting firm Mercer. That’s a ten-fold increase compared to before the pandemic hit.

Whatever your plans are regarding remote working policies, many of the steps you might take to reduce the risk of intellectual property (IP) loss by employees working from home will also reduce losses by workers operating from your facilities.

Listing Your IP

Start by taking inventory of your IP and trade secrets, including:

  • Trademarks,
  • Patents,
  • Trade secrets, and
  • Copyrights.

Creating a formal list of IP assets and other sensitive company data is a good exercise under any circumstances. Keep in mind that it may include more kinds of information than you might have thought, not merely whatever “secret sauce” gives your products or services a competitive advantage.

Assessing the Risk

What needs to be protected is almost any kind of information that, in the hands of competitors or thieves, could cost you dearly. That includes such mundane items as customer lists and profiles, product and service prices, marketing plans and corporate financial information.

With general information you consider privileged, such as the scheduled date for a major upcoming sales event, it’s always easy for an employee to share it with the wrong people no matter where they’re working. Some data that has a long shelf life is likely saved on a computer and could be disseminated to people who shouldn’t see it.

Keep in mind, honest employees can be the cause of IP theft simply by letting their electronic guard down. Through carelessness or indifference to the risks, they could inadvertently give thieves access to sensitive data in their possession.

Establishing a Policy

The first step, if you haven’t done so already, is to establish a clear data privacy policy and then distribute it to your workforce. Your training program should be robust, not just a cursory section in employee onboarding. Also, the more precisely confidential information is defined, the harder it is for a wayward employee to claim ignorance if caught sharing it with competitors.

From a legal perspective, if your policy stipulates that data privacy violations will be punished, it might not hold up in court if you haven’t taken measures to protect the data.

Here are several proactive steps to consider:

Document privacy policy acceptance. Once you have finalized your written privacy policy, require employees to sign a statement acknowledging that they have read it and accept its terms.

Segment data access. Most IP assets don’t need to be shared with all your employees. Carefully think through who needs to know what to perform their jobs, and limit access accordingly. You can start with a minimalist approach, then grant access to more sensitive data as the need arises.

Educate, educate, educate. When working from home, employees may be more vulnerable to theft of sensitive information on their computers by hackers than they are when working onsite. Ensure that employees are trained in how to minimize the risk of cyber-theft, such as by creating strong passwords, knowing how to recognize phishing schemes and so on.

Technology solutions. Virtual private networks, encryption systems and other tech-based data protection solutions are essential to help ward off external and internal threats. IT tools limit how employees can share information, and computer-use monitoring systems can discourage improper employee activities online.

Loose lips. Employees with nosey roommates or family members might not recognize the risk that those folks pose. For example, without malicious intent, an outsider may see hard copy versions of sensitive information and casually share it with others, possibly landing it in the wrong hands. Recall the World War II-era admonition, “loose lips sink ships.”

Beyond legalistic and technology-based strategies, think about possible social factors that could lead to employee misdeeds or sloppiness when it comes to proprietary company information. When employees work for extended periods in isolation from their peers, esprit de corps and discipline can evaporate — along with productivity. Combat that alienation by creating routine employee virtual gatherings and even social events that foster a team spirit and loyalty to your company.

Final Thoughts

Work-from-home arrangements can make your company more vulnerable to IP theft and loss. However, a combination of these approaches can limit, if not eliminate, that risk. A robust data protection plan may take time to implement, but it’s well worth the effort over the long run.