ITMG Insider Threat News October 26, 2022

Protecting Trade Secrets in Remote and Hybrid Workplaces: 3 Questions Employers Should Be Asking Themselves

Employers today are coming to terms with what has developed into full-time remote or hybrid work arrangements for many workers. However, you should recognize that the rise of these work arrangements may create additional security risks for your trade secrets and other confidential business information, particularly when employees leave your company to work for a competitor. Therefore, you should consider taking steps to identify trade secrets and consistently enforce reasonable security measures for all employees. Here are three questions to ask as you create an action plan to protect your trade secrets.

A 5-Step Action Plan to Plead Your Trade Secrets Case: Dancing on the Head of a Pin with Possibility, Plausibility, and Probability

Trade secret cases, by their inherent nature, require speed. For instance, a former employee may have stolen key data and gone to a competitor — and you need to move fast to protect your confidential information. But that does not excuse you from drafting a generalized legal pleading as you assert your claims in court. While you do not have to disclose a secret to protect it, you must put the defendants on sufficient notice regarding the identity of the trade secret, the reasonable measures you used to keep it secret, and how the trade secret was misappropriated (taken, disclosed, or used). Since the passage of the Defend Trade Secrets Act (DTSA) in 2016, federal courts have seen a significant increase in trade secrets cases — and this will not stop anytime soon. Filing a lawsuit may help you to recover stolen information, stop its use, and obtain damages. But what do you need to show the court? At the pleading stage, employers generally must provide a “short, plain statement of the facts.” However, two U.S. Supreme Court rulings — the Twombly and Iqbal cases — seem to require something more. What do you need to know before you file a trade secret claim? This Insight provides you with a helpful five-step action plan.

Trade Secrets and Patents: A Great IP Combo

It is not as simple to say — trade secret or patent. In fact, trade secrets and patents can work together to ensure companies the broadest possible protection — and increase your company’s value. Trade secrets and patents provide different forms of protection and protect different types of information. A patent has a term of 20 years, while protection for a trade secret can last indefinitely. A patent gives you the exclusive right to prevent others from commercially exploiting the invention during the life of the patent. This is provided in exchange for the full disclosure of the invention. A trade secret, on the other hand, is not disclosed, and therefore can last indefinitely so long as certain steps are taken to ensure the secrecy of the trade secret.

The Judicial Balancing Act: How Judges Manage Competing Interests in Trade Secret Cases

Like all lawsuits that require an exchange of confidential information, this one included a “protective order” that allows each side to designate documents and testimony as available only to the other side’s lawyers, with strict limitations on what can be done with it. But those restrictions actually lubricate the exchange, because the disclosing company knows that its information is only being seen by the lawyers. That is, until those lawyers perceive a specific need to share some of it with their clients. In the Wisk lawsuit, Archer’s lawyers petitioned the judge to allow each of the departed engineers to see the highly confidential trade secret description produced by Wisk, claiming that they needed their clients’ advice on how to defend the claim. Wisk adamantly opposed, arguing that the disclosure would serve to refresh the engineers’ memory about information they had (or should have) left behind two years ago, causing additional harm to Wisk.

Reducing Insider Risk Through Employee Empathy

Forrester has some thoughts on how to mitigate risk during a layoff. Their recent blog post, “Practice Empathy to Reduce Insider Risk” talks about the importance of treating employees respectfully during a layoff. They cite the example of Coinbase sending a company-wide email announcing a cutback and stating, “If you are affected, you will receive this notification in your personal email, because we made the decision to cut access to Coinbase systems for affected employees.“ Obviously this method conveys a lack of respect from the company for their affected employees.

Forrester is correct that empathy is needed during a layoff. We would like to take it one step further and say that empathy and respect are also critical to an organization throughout an employee’s tenure. Many employers worry that a remote or hybrid work environment leaves employees feeling disconnected. The solution is to foster better workforce engagement. Research shows an engaged workforce performs better, experiences less burnout, and stays in organizations longer.

Apply Critical Thinking and Culture to Reduce Insider Risk

Critical thinking in a digital society is a skill that all security professionals must develop, especially as we become more reliant on technology. A key component of insider threat prevention is to develop increased awareness and understanding of hidden dangers. Critical thinking helps individuals become more attuned and less susceptible to such dangers, including social engineering, solicitation by adversaries (foreign and domestic), and harmful information.

We won’t solve insider threat solely by applying technology solutions. Instead, we must go a step further and engage and influence stakeholders at all levels of the organization to build that critical thinking, change behavior, and instill security into the culture. Awareness alone is not enough.

Discover more from ITMG

Subscribe now to keep reading and get access to the full archive.

Continue reading