An interesting article by the Hogan Lovells team in Milan looking at some of the risks, and more importantly the things companies can do to mitigate those risks, with more people working remotely from home. Although these tips are focused on the current COVID-19 crisis, they are valid in times of normal operations, and companies should always bear them in mind!
Looking specifically at the five tips set out in this article:
- The first tip is arguably the most important. Companies need to know where their trade secrets are maintained, how they could be exposed and therefore know how to protect them.
- Education. Education. Education. Making sure that everyone within the organisation is aware of cyber risks and the duties they have to help protect sensitive information is a key control that is relevant to everyone!
- Reinforce and restate the polices that you have in place to ensure that awareness of them and how people are expected to behave is increased.
- Where possible, control the equipment being used by staff when working from home. This is not always possible, but it does provide stronger protection to do so, and ensure that appropriate software is also used to protect data and communications, such as a VPN.
- Ensure that data access rights are allocated on a need to know basis rather than running an "open-shop."
There is never going to be a completely secure solution available, but following these tips and going further can help businesses protect their trade secrets. If anyone is worried about this, please feel free to contact me or my colleagues: Lorenzo Grillo or Rocco Grillo.
As more staff work remotely and more information is accessed outside the company premises, company networks are more exposed to intrusions and the risks of unwanted disclosure increases. There may be different threats: carelessness at home and human errors (remember that humans may be the weakest link in the security chain), employees using this occasion for displacing trade secrets, and external attacks. EU trade secrets law requires companies to actively take steps to protect their information. While not all SMEs may be equipped for the level of remote working required by the pandemic emergency, large companies may have to update their policies too.