In non-compete and trade secret litigation, key evidence of employee misconduct often comes to light through a forensic examination of the employee’s devices and accounts. These forensic reviews can identify suspicious activity, such as an employee forwarding information and documents to a personal email address, accessing large amounts of company files around the time of the employee’s resignation, or attaching flash drives and other external devices that may be used to misappropriate company files.
However, now that many companies have their employees working from home in response to the COVID-19 pandemic, employee actions that were typically considered “smoking guns” in the context of non-compete and trade secret litigation now could regularly be occurring in the work-from-home environment. It is not unusual to hear about employees working from home who have forwarded documents to their personal email accounts to print them from a home office printer, or who have used a personal or even a family member’s computer to work because they had technical difficulties with their company laptop. In other words, employees may now have more plausible excuses for actions that would normally be cause for concern, making it difficult for employers to evaluate whether company information is at risk.
With a greater percentage of the workforce now working from home, employers may need to reevaluate their current policies and practices and implement new ones to protect their information. The following are practical tips and considerations for employers with a remote workforce to keep in mind.
- If company policies on confidentiality and information security do not account for the work-from-home environment, revise and update them so that they do.
- Train remote employees on confidentiality and best practices for securing confidential information. This may include setting clear expectations and limits on what employees can and cannot do when working from home, and reminding them that they should not email company documents to their personal email accounts or transfer data off of the company network.
- Instruct employees on who to contact and what to do if they are having technical issues, so that it is easy for them to seek out a solution with IT before resorting to using an unsecure network or device. Encourage remote employees to use the company’s IT team to troubleshoot, and provide a plan for what they should do until the IT team can provide a solution.
- Home internet can be unreliable, causing employees to seek other work spaces with a faster internet connection that may not be as secure or private as their home internet. Consider strengthening the company’s reimbursement policy to incentivize employees to sign up for faster internet plans so that it is easier for them to work from home. Keep in mind that reimbursement for internet and other home office items that employees use to perform their work from home may also be legally required under certain states’ laws.
- As employees set up their at-home work stations, it is reasonable to expect an influx of technical issues and questions. Consider providing a greater level of IT support as employees acclimate to working from home, such as expanding the company’s IT team, or increasing the IT department’s hours of availability (keeping in mind any applicable overtime pay requirements that may arise).
- A variety of software solutions can help companies monitor their systems and flag suspicious activity, such as downloading large amounts of data or emailing attachments containing confidential information.
- If not already used, companies should install security software that requires multi-factor authentication upon login to company networks. Companies should also ensure appropriate security standards are in place, including password protecting confidential information, and limiting access to trade secret and confidential information to only those employees with a need to know.
- If a remote employee’s employment ends, make sure there are protocols in place so that they can easily return company information and devices, such as providing them with pre-paid shipping labels and boxes. Additionally, ask the employee for a list of devices they have used while working from home, what they have used them for, and where company information may reside. This will allow the company to keep tabs on devices, folders, and accounts and know what to check if an employee leaves.
The “new normal” created by COVID-19 means companies need to be flexible and adapt. However, adjustments to new work arrangements should not come at the cost of information security. Legal counsel can assist with reviewing policies, practices, and procedures to ensure they are up to date and provide adequate protection.