The coronavirus has forced many employers to adapt and implement new mechanisms – including remote work – that allow them to perform, protect workers and customers, and comply with emergency directives.
Though not always a solution for every industry or business, work-from-home policies do have their benefits. They not only ensure compliance with evolving health and safety directives, which include stay-at-home orders and social distancing, they also allow abled-businesses to continue operating and paying employees – thus making them eligible for potential relief under stimulus programs like the CARES Act and Paycheck Protection Program.
As with many decisions at the employer level, however, there are risks associated with remote work. As companies roll out remote work policies, refine logistics, and consider the long-term use of remote technology post-COVID-19, it’s more important than ever to address the security of trade secrets.
Why Take a Proactive Approach to IP Protection
The coronavirus has profoundly reshaped how business is being done, and it continues to create challenges associated with an increasingly remote workforce.
- For companies forced to create remote work policies when no prior policy existed, there are significant risks and obstacles associated with the misappropriation of trade secrets, device management, accessibility restriction, home and shared network security, and the sheer logistics of rolling out infrastructure under what can be comprehensive, highly technical plans.
- For employers with pre-existing work-from-home options, the same challenges apply, as they may the need to relax or revise policies and procedures in light of the pandemic.
A proactive approach to protecting confidential information and intangible assets (and documenting those efforts) not only safeguards employers against worst-case scenarios (that is, the theft of trade secrets), it may also position companies facing trade secret violations for effective enforcement measures under trade secret laws, which require a level of reasonable effort to be taken in order to keep information secret.
These are certainly unprecedented times for which relief and regulatory rollbacks are appropriate, but there is no crystal ball indicating whether businesses will catch a break on IP protection lapses. The immediate and rapid proliferation of remote workers alone may not serve as justification for employers who suffered losses because they failed to implement proper and proactive precautionary measures.
Tips to Protect IP With a Coronavirus Remote Workforce
Trade secret protection has no exact science; companies should evaluate disclosure and misappropriation risks within their structure and industry, and assess appropriate measures they can take to protect what’s important to their business.
Hendershot Cowart P.C. can assist businesses in developing, auditing, revising, and implementing work-from-home policies amid COVID-19, and provide comprehensive counsel to create custom-tailored plans that address IP agreements, regulatory compliance, and industry-specific guidance. Still, there are best practices and general steps all employers with a remote workforce should keep in mind:
- Communicate with employees: Regulation of a company’s immediate workforce is the first line of defense in protecting trade secrets. That means providing communications and updates for employees that contain express and repeated iterations of company policies that apply during WFH situations, such as policies to disseminate proprietary information only to authorized parties, secure company devices, secure company devices and information, and discussing protocol for reporting known or possible improper access of company information. Employers may send out explicit notice and request employees to acknowledge.
- NDA review and revision: Companies should review any existing non-disclosure or IP agreements and evaluate their application to remote work and the current environment. If necessary, revise agreements and require employee execution prior to granting remote access, or as a condition for continued access.
- Educate employees about bad actors: Employers should educate workers about ways to effectively protect against and manage security risks. This can include disseminating information about common scams (i.e. phishing, malware, malicious communications meant to infiltrate networks), creating videos, or holding webinars for internal education purposes. Employers should ensure employees understand they must verify the identity of any parties with whom they intend to electronically or remotely communicate / transmit sensitive information, to only open messages from trusted sources, and to report suspicious communications.
- Designate a WFH point of contact: Companies can consider designating an employee or multiple workers as contact points for remote work-related issues, whether they’re an extension of the IT or HR departments, or a bit of both. This person can help field questions, manage the influx of low-level issues, and alert IT and company officials of potential risk areas or disclosures.
- Software / technology protections: Industry and regulatory issues permitting, employers can explore ways to leverage technology to bolster IP protection. This may include anti-virus / malware software on all company devices, mobile device management (MDMs) and tools for remote lock-out and wiping should devices be lost or compromised, using two-factor authentication, using VPNs and secured networks, and implementing systems which catalog / flag significant remote access, downloads, and data activity on the company network.
- Restrictions and controlled access: Employers should assess and determine which employees need and / or should have access to trade secrets and other sensitive company information, and adjust permissions accordingly. Employers may also consider limiting when, from where, and for how long certain propriety information can be accessed (i.e. only on company devices in secured areas away from others).
- Vet videoconferencing tools and technology: With concerns about security breaches involving the popular Zoom videoconferencing app, employers and IT departments should carefully vet various platforms and technology to ensure they are secure and safe for intended use by employees working from home, and develop policies for approved services and means of use.
- Review agreements with vendors: Trade secret protection doesn’t end with internal policies for workers; employers should also evaluate suppliers, vendors, and other contractors / outside professionals involved in hosting, facilitating access, or accessing company information to ensure they are taking steps to protect trade secrets if they too have WFH policies.
As with many matters of compliance and IP protection, there is no one-size-fits-all formula. Businesses that wish to take reasonable measures to protect their most valued assets should prioritize their information management, agreements, and protection efforts in ways that make sense for their business and the current climate.
At Hendershot Cowart P.C., our attorneys are available to speak with business owners who have questions about navigating IP and other business-related issues during these difficult times. Call or contact us online to speak with a lawyer.