Stop the spread of your confidential information by making sure your policies are squeaky clean

With the increase in ‘WFH’ the fluidity between our work and personal environments has never been greater.

While bringing positives in terms of flexibility, reduction in commuting time and reduction in the need for office space, it does pose challenges in keeping sensitive and confidential business information secure.

This was highlighted in a recent survey conducted by Censuswide. Of the 200 UK businesses polled, 39% had dismissed employees due to cybersecurity or data breaches since the start of the COVID-19 pandemic. The survey also revealed that 58% of businesses suspected that homeworking had encouraged employees to breach security protocols.

With many businesses indicating they are unlikely to return to their normal office environments until 2021, these statistics are perhaps only set to increase. Those surveyed pointed to a number of areas of concern, including employees using their personal devices and failing to change passwords.

With working from home or just working away from the traditional office here to stay, employers need to update their confidentiality and home-working policies. It needs to be made clear to employees that protecting and securing data and confidential information, remains just as important at home as it is in the office.

Employees should be made aware that a breach could lead to disciplinary action - potentially leading to the termination of their employment and / or court action to secure the information, should it have been removed from the company server or shared outside the organisation. Once information is no longer stored on a company’s secure network the possibility of misuse is much higher, with the business having no control over who might be accessing it.

In the coming months the economic landscape is going to face many challenges. With that will inevitably come redundancy of employees in a variety of sectors.  Typically at this stage of the economic cycle, we often see individuals starting their own businesses or moving to competitors to carry out a similar role. But what if your departing employee takes your confidential information with them to further their new business or indeed to pass to your competitor?

This can also be a concern for the new employer who may, unknowingly, be receiving their competitor’s confidential information along with the new employee. We are often asked to provide urgent advice on scenarios like this. Of course, prevention is always better than the cure. Once the information has left your secure system, it is hard to put it back in its box. As such, focus should be put on checking the stable door before the horse has bolted.

Highlighted below are key information security aspects you should consider:

1. Look out for the latest IT solutions. Sensitive documents can be tagged, so they are flagged if they are removed from the company’s systems.
2. Limit access to confidential information within your business. Consider putting barriers in place in your system. Employees only need access to the information required to enable them to fulfil their specific role.
3. Make sure all company laptops have VPN access. If staff are provided with the ability to log on and work remotely then there should be no need for personal e-mail accounts to be used to enable home-working on personal computers.
4. Control the extent to which personal devices can be used to download company information. We often hear from clients that their employee / contractor has connected a USB storage device to their work computer and removed confidential information. It is always prudent to ensure that personal storage devices should not be able to be connected to company computers / laptops.
5. Implement effective written policies which are updated regularly and shared with employees to take into account the developments in the way the business is operating and how staff are working. It is crucial that staff awareness of the protection of confidential information is high. The more you can get your staff to “buy into” keeping information secure the better and the more likely your business will be able to pursue and defend any litigation from employees who fail to follow the rules. Conduct regular training sessions and promote awareness of the risk to the business as a whole, and to the employees as individuals if confidential information is misused.
6. Manage the risks of ‘bring your own device’ by ensuring that only company devices can be used on company Wi-Fi.
7. Ensure reasonable efforts are taken to keep confidential information secure to be able to rely on the Trade Secrets (Enforcement, etc.) Regulations 2018. For information to qualify as a trade secret under the Regulations “reasonable steps” have to be taken to keep it a secret. Therefore, active protective measures must be taken.

Every business will have confidential information which is at the heart of its success, it can be anything from the “secret sauce” recipe to business plans and customer lists. It is certainly not information that you would want your competitors getting their hands on, especially when you have made significant investments developing and honing that information over a period of time.

So do not make it easy for a breach to take place and, in the event that it does, make sure you act quickly to contain its spread.

We regularly advise businesses on the steps which can be taken to protect their confidential information, trade secrets and other intellectual property rights - along with how to interact with employees if a breach occurs.

If this is something your business could benefit from, please do not hesitate to get in touch on the contact details noted below.