Posted in Uncategorized
Five Steps to Take Before Your Workforce Comes Back to the Jobsite
In various states, and in many overlapping and differing time frames, the American workforce is beginning its gradual return to the workplace. And just as we chronicled when the mass migration flowed from corporate environments to home offices, the issues that this mass migration raises are myriad, and range from matters of convenience to much more consequential issues, be they legal, safety-related, relevant to employment practices, or even ethical.
Intellectual property has certainly not gone unaffected, in both the exodus from and the return to what we’ve long considered to be more typical working environments. Just as critical as shoring up your IP exposures and vulnerabilities was when your entire workforce began working from home (often on personal devices not governed or monitored by your corporate safeguards), so too is it now critical to address any potential liabilities that will arise when personnel come “back to work.”
Here is my IP checklist for employers and employees as we begin to resume more “normal” operations.
Step One: Don’t Allow Reconnection to the Company Network
During our work-from-home stints, company-owned devices, as well as their BYOD counterparts (employees bringing their own devices to the employment relationship), have been exposed to all sorts of security risks. From hacked Web conferences and unsecured wifi networks to the overall blurred lines between personal and work-related device usage, the devices your staff will bring back to the workplace have been exposed to all sorts of malware and bad actors. Hackers and spambots have been particularly active during this quarantine, and the last thing you want to do is to plug exposed or infected devices into your IT network.
Just like the coronavirus itself, computer “bugs” are constantly looking for new hosts to attack and infect. A corporate network, sometimes with thousands of connected device clients, is one of the fastest ways for these malicious scripts to spread and inflict damage—or find information and data you’ve got protected behind security measures and firewalls.
When your workers were at home, they weren’t operating within the confines and safety of a corporate security software suite. Nor were their devices being monitored for exposures and attacks, most likely. Please don’t reflexively allow everyone to simply “plug back in” when they return to work, as you could be opening the door to spyware and malware that could potentially breach the entire corporate network and expose your valuable intellectual property assets to thieves and pirates.
Solution: I recommend having your IT department perform a scan of all devices coming back into the corporate network to check for security threats and signs of infection.
Step Two: Collect Physical Documents for Digitization and Destruction
Many employees may prefer reviewing and marking up draft documents in printed form. Others may need to print documents for signed authorization. Others will print simply out of force-of-habit. Hopefully, you’ve been encouraging such employees to collect and securely store these printed documents, as releasing them into the wrong hands out of benign neglect could potentially expose your company to millions of dollars in IP liability, should the garbage collector, a nosy neighbor or a purposeful snooper go rummaging through your trash and recycling bins looking for valuable information or trade secrets.
Solution: Encourage your team to bring these documents back to the office for proper destruction, filing or scanning for digital storage. You might even consider implementing new policies and procedures relative to the printing of documents at home. Which brings us to…
Step Three: Review Employee Manuals, Practices and Procedures through an IP Lens
The COVID-19 pandemic and its economic fallout took the world by sudden surprise. We weren’t prepared for it. But we learned quickly what our vulnerabilities were, IP or otherwise. It opened both employer and employee eyes to our gaps, limitations and shortcomings. It also opened the world of employment to unforeseen intellectual property dangers, as we’ve chronicled.
Accordingly, all of your employment practices, policies and manuals need to be reviewed with a new eye towards decentralized work environments, either forced by extenuating circumstances (which could very well happen again) or the likely reconsideration of work-from-home policies that have come as the result of our mandatory trial run. Things to consider addressing include:
- Do we have a new remote working policy?
- Should we really have a BYOD policy?
- Should we regulate or better govern screen-sharing and Web conferencing practices, which invite unwelcome IP exposures?
- Printing policies and document destruction
- Remote device monitoring and limitations on personal usage
Solution: Every company will need to decide what the guidelines are relative to all of these issues and many like it, and every company has its own culture and risk tolerance. But every company should have an IP attorney review written employment practice documents and manuals to make sure they aren’t inviting intellectual property vulnerabilities that could cost the company millions of dollars, when so many of these exposures are avoidable by modernizing policies for a new reality.
Step Four: Be Clear Who’s Really on the Team
The post-COVID era will bring all sorts of new creative employment relationships between company and worker. Many are already considering job sharing as a way to defray employment costs and meet more limited budgets. Many have already been outsourcing non-critical operations, such as payroll, bookkeeping, HR and marketing services to vendors or contract workers—and many more will now consider joining them. As we continue to spread the tentacles of who has access to the company assets and IT networks to perform tasks and share data, we are growing the risks of leaking what should be protected company information into the wrong hands.
Solutions: Enact sophisticated credentialing into your network access policies. Not everyone needs complete and unfettered access to “the system,” meaning, your entire network. Permissions should be highly limited to only that which is vital to the given task and outsourced partner. Remember, these individuals aren’t governed by your employment practices and policies, so make sure they are signing confidentiality agreements in all cases. Work with your IT team to secure the former, and your IP team to draft and deliver the latter.
Step Five: Connect Your IT and IP Professionals at the Hip
As the old adage goes, an ounce of prevention is worth a pound of cure. The best time to plug a leak in the intellectual property dam is before it springs. And the best way to protect your company and its war chest from expensive or crippling IP exposures is to prevent them from ever happening in the first place. This will require that your IT team and your intellectual property attorney work in close concert and collaboration. One is an expert at identifying where the potential breaches may occur, and the other is an expert at closing them off. There should be regular meetings, joint collaboration on specific IP projects, and consistent communication, back and forth.
Solutions: Schedule a meeting as soon as feasibly possible between your IT team and your IP representation to discuss establishing a formal working relationship and project roadmap for the year. You may even want to do this before everyone is officially “back to work.” Yes…a Web conference may have to do in the short term!
If you would like an IP review of your employment practices documents, I am open to a no-cost, no-obligation conversation to discuss your options. Contact me to schedule a phone call at [email protected] to get started.
Disclaimer & Notice: The content of this article does not constitute legal advice. The information presented herein is for informational use only. Not responsible for the actions or failures of third parties. Not responsible for any action or inaction based on the content of this article. The content of this article is solely the opinion of the author(s) and may not necessarily be those of Remenick PLLC, its clients or members. Reading this article does not constitute the establishment of an attorney-client relationship. Any communication received will not be confidential unless and until an attorney-client relationship is established by an engagement letter. The content of this article may not be current as of the date of access and may be removed or updated without notice. Consult with legal counsel before undertaking any legal action.