Security From Afar: How Best to Protect Trade Secrets in a World of Remote Working, Zoombombing, and Uncertainty

A lawyer’s view of the impact of social distancing on the protection of trade secrets. This should be baked in to your Acceptable Use Policy and reinforced through your training and awareness program (you’ve got both of those, right?)…:

[…] So what’s an employer to do, in light of these challenges? It is often not reasonable or even possible to avoid discussion of a business’s trade secrets. And many employers will not feel comfortable mandating in-person meetings anytime soon, notwithstanding relaxed governmental restrictions. Here are some best practices for businesses to not only prevent misappropriation to begin with, but to put themselves in the best position possible in litigation, should a rogue employee (or Zoombombing stranger) misuse trade secrets:

  • Carefully consider which conferencing platform provides the best security. There are numerous apps on the market to facilitate remote conferencing, but each has its unique benefits (and weaknesses). While ease of use may be an important factor to consider for standard meetings that do not including discussion of confidential or otherwise sensitive information, that factor must yield to superior security when a meeting is convened to discuss trade secrets. Oftentimes, apps or features within apps that have better security (such as encryption) are more expensive, and employers may be tempted to avoid additional costs given the current economic climate. But skimping on security would be penny wise and pound foolish, as losing the company’s trade secret protection would be disastrous.
  • Some employees may eschew the company’s preferred (or even mandated) platform and schedule meetings using another, less secure app. While there may be no way to completely avoid this, businesses should regularly remind their employees of the company’s requirement that a particular platform be used for company business, and explain the reasons why use of the mandated platform is critical.
  • Become familiar with security settings within the company’s chosen platform, and, it should go without saying, use them wisely. Some apps allow—but do not require—a special password to join a meeting. Likewise, some platforms contain settings that would require the meeting host to admit participants into the virtual room, but this setting is optional, not mandatory. Ideally, an employer would be able to implement the highest security measures available as the default setting on an enterprise-wide basis. Even where this is not possible, businesses must advise their employees to take advantage of each security setting available when hosting a meeting to limit risk.
  • Instruct employees to implement security measures outside the conferencing app, as well. For example, employees should be advised to use a private room wherever possible, and if finding a private space is not possible, they should use headphones and restrict their screen view.
  • Employers should create and distribute written policies regarding best practices for remote conferencing. These policies should be distributed early and often—not only to remind employees of their duties (and hopefully reduce the risk of misappropriation to begin with), but also to best position the company should litigation ensue. A clear record of the company’s efforts to maintain confidentiality and put its employees on notice of company policy will help a trade secret plaintiff demonstrate that it took reasonable measures to safeguard the information at issue, a critical component of proving the existence of a trade secret.
  • As always, employees with access to confidential information and trade secrets should be bound by strict non-disclosure agreements, and be reminded frequently of their obligations under those contracts.
  • Reminders of the need to protect the confidentiality of the information to be discussed should be given at the start of any meeting in which trade secrets are to be addressed.
  • Finally, as employees slowly begin to return to in-office work, they should be instructed to bring in any notes taken during discussions involving trade secrets, for either safekeeping in office files, or professional shredding.

[…]

Read the original article here