As the law changes around employment and COVID-19 restrictions, many employers are starting to expect a return to the workplace. However, it’s unlikely that we will be returning in the same numbers as pre-pandemic, with many employers and employees alike looking to embrace hybrid working, a combination of home-working and office-working.
However, there are some consequences of hybrid working for the protection of valuable intangible assets such as trade secrets and other confidential information. So, what can employers do to mitigate the risks?
The risks have never been greater
Since the pandemic there has been a significant increase in the number of cyber security attacks and breaches, as business systems and information are more vulnerable when employees are working outside of the office.
But as we move towards hybrid working, new risks are emerging: employees will be transporting confidential information (whether in digital or paper format) between the home and the office more often, increasing opportunities for data to be lost, misappropriated, or intercepted.
Working outside of the office also presents more opportunities for employees to leak confidential information, whether deliberately or inadvertently.
So, what are the key consequences of a breach of confidential information?
- Financial: the cost of trade secret theft can be up to $1.7 trillion annually. Aside from the costs of legal action and fines, it can result in competitors obtaining valuable information about your business, which they can use to undermine your competitive advantage.
- Reputational: data breaches can have a significant negative impact on consumer confidence and a business’s perception in the market, particularly if the breach involves the disclosure of customer/client information.
- Operational disruption: dealing with data breaches requires significant time and resources and can significantly disrupt a business’s daily operations.
What action can employers take now?
- Co-ordinate your approach
To develop an efficient approach, it’s vital that a business’s HR, legal, compliance and IT teams work together. Whilst IT will need to take the lead putting in place appropriate data security and monitoring measures, HR, legal and compliance will play a important role in confirming that these measures are lawful and effectively communicated to the workforce.
- Don’t underestimate the role of your employees
Employees are a business’s greatest (and weakest) asset in protecting against data breaches and trade secret misappropriation. Whilst data security may be an increasing priority for an employer, employees do not always treat it with the same seriousness. Many employees unconsciously allow unauthorised individuals such as family and friends to access their work devices. This may be why businesses consider employee leaks to be one of most significant threats to the security of trade secrets.
So, what can employers do to prevent employee leaks?
- Ensure your contractual documentation with staff adequately protects confidential information. Key clauses include:
- confidentiality undertakings by the employee;
- an obligation to return and not retain copies of any confidential information on termination, and;
- post-termination restrictions preventing employees from working for competitors or soliciting clients for a set period after their employment ends.
- Ensure that staff are required to participate in mandatory data security training when they join and annually thereafter.
- Put in place robust policies and processes on confidentiality and data security, and that these are effectively communicated to staff.
- Consider the risks hybrid working presents and ensure that these are addressed in your policy and procedures. For example, can confidential information only be removed from the office if it is on an encrypted device?
- Ensure that your approach and communications reflect your legal obligations. For example, including clauses in employment contracts specifying the equipment to be used by an employee outside of an employer’s premises or set out how trade secrets and other sensitive information is to be protected.
- Avoid “bring your own device” policies
Businesses have increasingly adopted ‘bring your own device’ policies to complement their flexible working culture. However, this gradually brings external stakeholders into a business’s digital ecosystems, and due to the use of multiple cloud-based services, the risk of third-party breach also rises.
Employers considering implementing these policies need to be mindful of the risks and weigh these up against the benefits.
- If cost-saving is the driver, businesses should bear in mind the financial risks posed by data breaches.
- If a business does implement (or continue with) a ‘bring your own device’ policy, it should ensure that it has put in place sufficient security measures to reduce the risk of a deliberate or accidental data breach as part of the hybrid working model.
Onyx Solicitors can advise you on the best way to protect your business and trade secrets and help to guide you through the implementation and infringement processes in cases of breach of your IP rights. Please do not hesitate to contact our specialist team here at Onyx solicitors on 0121 268 3208 or email us at firstname.lastname@example.org with your query.