Keeping secrets secret in a mobile workplace

1024px-Facial_login_as_password_using_laptop_cameraBusinesses are always seeking an edge in their particular industries, whether targeting a local US market or seeking additional global market share. Part of getting an edge may include offering applicants or employees a menu of workplace flexibility options to create a positive workplace culture.

However, these options also may create opportunities for disseminating business information.  For example, a worker who telecommutes may be accessing employer-provided applications through personal mobile devices lacking adequate security, or may be viewing confidential business documents on an employer-provided laptop within public view (e.g., while sipping a latte at a major competitor’s local coffee shop).

So how can employers keep their secrets secret while allowing for workplace flexibility?

New Jersey attorney Louis R. Lessig of Brown & Connery emphasizes employer action in protecting secrets:  an employer “must take steps to prevent trade secret theft, because incidences of corporate theft are common: for an employer, it’s not a matter of if, but when.”

Develop and Enforce Common Sense Policies

An employer should anticipate potential privacy, discipline and security issues, and implement workplace policies that address those concerns. The policies should address confidentiality requirements, trade secret theft, employee privacy, discipline and mobile devices (either employer-issued or employee-owned).

Ideally, these types of policies should be implemented before any employees are hired, but it’s never too late for an employer to address these issues by updating existing practices.

Require Nondisclosure Agreements

New hires who will be privy to sensitive or confidential information should be required to sign a nondisclosure agreement (NDA) as a condition of employment.  Ideally, the NDA should include a return of materials provision, requiring an employee to return all employer property by his or her separation date.

Don’t Forget the Temps

Increasingly, temps (temporary or contingent workers) are hired to fill professional positions (e.g., attorneys and medical professionals) as well as management positions (e.g., CEOs, CFOs and COOs). This practice is particularly popular during times of change (say, during a merger, acquisition or corporate reorganization), when an employee is needed to shepherd the organization for a predetermined length of time.

This process requires an employer to hire a worker, provide that worker with extremely sensitive financial or other confidential business information, and fully expect that the worker may go work for a competitor within a relatively short time. While this practice may be a necessary part of doing business, an employer must protect itself from possible leaks by requiring NDAs.

Remind Employees of Responsibilities

Good communication regarding policies and procedures should be emphasized at all stages of the employee lifecycle:

  • During onboarding;
  • As part of regularly scheduled training; and
  • During separation from employment at an exit interview.

An employee’s responsibilities to keep secrets secret should not simply be part of a forgotten document, but instead be continually emphasized as part of his or her regular job duties.

Build Security into Business Systems

Reminding employees of responsibilities isn’t enough: an employer must build security controls into its systems, whether application-based (Mobile Application Management or MAM) or device-based (Mobile Device Management or MDM).

Employees should be restricted in their access to information based on the particular needs of their jobs, and adequate security tools (e.g., password authentication or biometric identification) should be used whenever possible.

Train Managers and Supervisors

Reminders serve management well, too. Trade secrets may be legally protected if they fall under the applicable law’s definition:

  • They are valuable;
  • Generally unknown to the public; and are
  • The subject of reasonable security measures.

Training managers on best workplace practices with respect to trade secrets will help protect employer property.

And if an HR manager learns of questionable employee activity, such as downloading large amounts of data to a flash drive, then that manager should be prepared to take action. Protecting a business from trade secret theft requires not only adequate preparation, but a swift and proportional response.



, ,