As more staff work remotely and more information is accessed outside the company premises, company networks are more exposed to intrusions and the risk of unwanted disclosure increases. The threats vary: carelessness at home and human error (remember that humans may be the weakest link in the security chain), employees using this occasion to displace trade secrets, and external attacks.
EU trade secrets law requires companies to actively take steps to protect their information. While not all SMEs may be equipped for the level of remote working required by the pandemic emergency, large companies may have to update their policies too.
Here are five tips with practical steps for companies to consider:
1. Identify what trade secrets may be more exposed and update your data governance strategy
Pause for a moment and think about what sensitive information may be most exposed to unwanted disclosure. Perhaps this is the time to inventory your trade secret portfolio, and you can use this period to focus on what sensitive information deserves more attention.
2. Awareness and expectations: remind workers of their confidentiality obligations
Explain to your staff that during this emergency time they have to take even greater care of sensitive and proprietary information.
3. Remind your staff about the existence of policies
Send an alert reminding your staff about the existence of policies for IT security and confidential information protection, applying specifically to home working. If you don’t have one, or your policy has not been updated to cover the risks related to remote working, take the chance to create or supplement it. If this requires too much time, create and circulate an infographic summarizing the key rules and practical recommendations.
4. Allow staff to use only company equipment and networks for working at home, to the extent possible
Allow staff to use secured remote access to company networks and to use only the company’s cloud and document management systems, where possible. Train them and designate authorized software, particularly for communication and collaboration among team members. Warn them to avoid using personal devices or accounts for working tasks (personal email, cloud services, or instant messengers/VoIP) and for transferring company information. Provide guidance on how to set up protection of home Wi-Fi networks. Give instructions on how to handle and dispose of any printed materials, and point out the risks raised by the oral exchange of information out of the office.
5. Make sure that all company network locations with sensitive information can be accessed on a need-to-know basis only.
Partner with your IT department to make sure that access restrictions limiting company network locations to certain teams/employees are correctly in place. Make sure that those locations are appropriately secured. Track access to sensitive information and the related logs, and check whether alerts for irregular downloading, copying or transmission of sensitive information are properly set up.
Authored by Federico Fusco and Francesco Banterle