There are some common sense ways for small businesses to minimize the threat of employee theft of trade secrets. This is the second in a three-part series on the subject. The first post, on using HR policies to protect trade secrets can be found here. Today’s post deals with the employer’s use and implementation of technology to protect its data, trade secrets or other intellectual property.
Most businesses use some form of basic technology-based security solutions using their existing systems and software. For instance, if the trade secret is a computer-stored source code, a basic protection is to regulate access to it by requiring and assigning unique user names and passwords to each employee. A company may also choose to maintain electronic access records of computer logs to be able to isolate and determine who accesses their network and when. Most businesses also use some type of firewall to protect the business’ network or even maintain their trade secrets on separate servers.
Businesses should also consider providing technology solutions to employees so that they do not use unauthorized procedures to assist them in completing their work. For instance, when file sharing by e-mail becomes difficult due to data size restrictions, employees may use a third-party service such as dropbox to share restricted company data with an intended or authorized recipient. While the employee may have no bad intention, the sharing of the data in this way may permit unauthorized access, storage and sharing of the company’s trade secrets. For this reason, businesses should proactively implement regulated and authorized technology solutions to solve common problems encountered by employees who access protected data.
While these basic measures are important, many businesses are simply unable to develop internal technology processes to protect against the multiple growing avenues of employee theft. Observeit, which is one company that specializes in providing technology to protect businesses from employee theft lists these categories of internal threats to data security on its website:
- Running application reports that export huge amounts of sensitive data
- “Innocently” uploading sensitive data to a third-party cloud application
- Deliberately sharing sensitive data with others via email, cloud application, thumb drive, etc.
- Installing a remote desktop application to work from home, thus opening a remote back door into the network
- Responding to a phishing email, granting network access to a hacker
- Visiting unauthorized websites that could install malware on the network
Certainly access logs, unique passwords and firewalls are not sufficient to defend against these more complex and sophisticated internal threats. Because of the proliferation of insider theft of trade secrets, businesses should consider making an investment in third-party data protection services through such companies as Observeit, SpectorSoft or Watchdox. Common valuable services provided by such companies include encryption and control of files, controlling and changing permissions by user, tracking and auditing access to files, the ability to wipe files from company mobile devices, identifying and investigating suspicious activity, reviewing employee behavior analytic data, detecting unauthorized use of third-party applications and more.
While these technology policies and practices may not protect a business from all possible internal threats, they will likely go a long way in detecting, deterring, preventing and recording any unauthorized activity. Furthermore, such actions by a business will be a significant factual issue which can weigh in favor of a business that seeks to pursue an employee through litigation or arbitration after such theft has occurred. Data evidence of an employee’s actions collected by the business can be the key to enforcement of non-compete provisions or establishing a case for damages.
In the last installment of this series of posts, we will look at legal remedies for protecting an employer after a theft has occurred.