Posted in Uncategorized
The Problems You Might Not Have Thought of…and How to Solve Them
As millions of Americans have suddenly adapted to their new remote working environments, employers everywhere have become acutely aware of the tradeoffs. It’s not all bad, actually: Some employers have reported gains in productivity, as commute times have been eliminated and unnecessary meetings have been curtailed.
But said tradeoffs are obviated: Reduced supervision of staff, decentralization of company assets, and limitations on managerial oversight.
One particular exposure that represents more than a nuisance, more critical than a mere workflow disruption, is the protection of intellectual property in a distance-working environment. Some of these vulnerabilities are apparent—indeed, some have even made headlines (“Zoom-jacking,” e.g.)—but others go dangerously unconsidered. For those companies for which intellectual property represents a competitive advantage in the marketplace, the consequences at stake could be severe.
Here are some IP problems that may have arisen while employers have been otherwise occupied, scrambling to adapt to “the new normal.” Perhaps you’ve already considered some of these…perhaps some of them crept up without you even realizing it. But for every problem, there are proposed solutions…
Problem: Yes, Video Conferences Pose Security Risks
Zoom’s security flaws have been well documented (and mercilessly exploited). But there are many undiscussed security vulnerabilities that come with the web conferencing territory, regardless of which software platform you use to conduct video conferences. Leave “Zoom bombing” and hackers aside for a moment (though, not to dismiss their risks as anything other than real), as the software giants are working feverishly to plug holes and fix bugs. Have you actually considered your (or your team’s) own behaviors on these platforms, and the IP exposures those represent? Consider:
- Participants who join a meeting too early, or leave too late, who may gain unacknowledged access to private conversations occurring outside of the confines of the meeting.
- The employee who shares company-protected IP on a screen share, only to have a participant take an unauthorized screenshot of the content.
- The document sitting on a desk, a model drawn on a whiteboard, or other intellectual property that is unintentionally within camera-shot, for the all the world to see (and possibly record) without permission.
- The counterfeit emails that are suddenly circulating, which appear to the recipient as an invitation to a web conference but are instead traps to enable spyware or malware.
People’s guards are down right now. We’re in unfamiliar working territory, and the distractions and stressors outside of work are many. They can be forgiven for making honest mistakes. But can your company withstand the financial damage that results from IP finding itself in the wrong hands? This is, in fact, “the new normal”…and will be for some time, for many. Oral arguments and court hearings are already being held via video conference. This isn’t going away. It’s time to address these vulnerabilities today!
Solutions: Now is probably a good time to update and document company procedures relative to video conferencing, whether they be updates to employee handbooks or newly issued guidance apart from the employee manual itself. Enact reasonable policies to limit the reflexive scheduling of video conferences. Remind your employees: Does every meeting really need to be a Web cast, or will a phone call suffice? Suggest instead that conversations should remain private, behind a closed door, and if at all possible, via phone and one-to-one, when sensitive IP is going to be discussed.
Problem: At-Home Wifi is Often Not Secure
Now that your team is working from home, they’re accessing the Internet using home wifi, and not all of those networks are secure. For one, many homeowners forget or neglect to assign a password in order for users to gain access to the network. In some cases, a chosen password is too simple and vulnerable to hacking by nefarious actors. Practically none of these networks come with the sophisticated network security and monitoring that enterprise networks are armed with.
In the blink of an eye, your entire workforce went from a secure network locked down behind a corporate firewall to one that is replete with potential vulnerabilities. Where does that leave your intellectual property assets that are stored on devices, shared electronically or uploaded to who-knows-where?
Solutions: Consider urging employees to connect their devices to the Internet using 5G cellular data instead of wifi. This may require an investment in individual reimbursements to employees who will have to come out of pocket to pay for unlimited data plans to their wireless providers, but consider the alternatives. Would you rather incur the financial damage that could result from having all of your valuable company assets sitting on and moving across potentially hundreds of unsecured networks with no way to monitor whether they are vulnerable to security breaches?
Problem: Personal Computers are Far Too Personal
Is your team suddenly conducting company business on a personal computer or private device? If so, keep in mind that these are the same devices they might use to access the Wild Wild West of the World Wide Web: social media sites, frequently hacked credit card and banking sites, online chats and forums where hackers go to prey on the innocent, and so on.
Solutions: Another investment to consider is issuing company-owned devices to those who don’t already have them. Make it company policy to keep personal business on personal devices, and work business on work devices. There’s too much at stake to operate otherwise. Long-term, employers who do so should reconsider BYOD (bring your own device) policies. While well intentioned and often resulting in reduced capital expenditures, they present real issues relative to IP by blurring the lines between what’s appropriate for work and what’s acceptable during “off hours.”
You may also consider remote monitoring software that can be placed on devices, that tracks user activity, sites visited, etc., so that your IT team can keep reasonably appropriate “tabs” on how company equipment is being used. While this may seem Draconian, it could very well protect your from IP exposures and even lawsuits. And you may be able, long-term, to offset some of those perceptions of Big Brother by allowing employees to bring personal devices to the office to use during break times, as appropriate. Surveillance software may sound severe, but not as severe as the consequences coming from stolen IP.
Problem: Document Disposal is Down in the Dumps
What is happening to the sensitive information that is being printed out at home for review? In all likelihood, it’s not being shredded as it should be at the office. Think of all of the people who now have access to your documented (and probably recycled) IP, from family members to those aforementioned Zoom participants with wandering eyes, to neighbors on garbage day, and to the recyclers that pick up paper refuse weekly. That’s a lot of unwelcome eyeballs.
Solutions: Enact company policy that encourages the use of electronic documents only, at least until we return to the office, at which point, saved up and securely stored papers can be properly disposed of. The world is moving toward paperless documentation anyway, so these are good habits to form in the long run anyway.
Perhaps consider an investment in shredders, if necessary for those employees who simply must print things out at home. Or offer to pay for a document disposal solution like Iron Mountain, so that you can be sure no intellectual property finds its way into the wrong hands.
Problem: 3D Printers and the Prototypes Lying Around the House
An employee brings home a prototype to have a physical model to look at during a design project. That employee has a family member or friend over to the house—or conducts a web conference with someone—who just happens to work for a competitor, a supplier or anyone else who might benefit from seeing advance concepts and designs. What is likely to happen next? Do you really want to find out?
The proliferation of 3D printers only makes IP more susceptible to theft or counterfeiting. These days, not only can someone take a picture of your model, then replicate it in CAD, they can even print out an exact duplicate!
Solutions: What happens in CAD stays in CAD! Now more than ever, we need to be very careful and very strict about what physical modeling we will allow to leave the company domain. Now that everyone’s working from home, what exactly constitutes the “company domain” anyway? Have policies in place, and limit the travel of physical prototypes where possible.
Problem Whack-a-Mole and More Proposed Mallets
The exposures don’t end there. And with the evolution of technology, the complexities will only heighten. We’ll have to keep our eyes on everything, and create policies to regulate behaviors and mitigate IP exposures as new problems inevitably emerge. Things like:
- Should we only allow/issue devices without data ports, or disable data ports, to minimize the risk of bad actors collecting our IP onto a flash drive without authorization?
- Should we install two-step email verification procedures, so employees can’t mistakenly reply-to-all without clearing a confirmation prompt?
- Should we disable the auto-completion of email addresses in email programs, so the wrong Johns and Janes don’t mistakenly receive our protected and precious IP due to an unwitting auto-complete error?
- Should we prepare for the Brave New World where 3D printers proliferate and virtually anyone can print out in minutes what takes us months and years to design and engineer?
This new work-from-home reality was forced on us suddenly and without warning. It’s caught us all off guard. But it also serves as fair and stark warning about the intellectual property vulnerabilities many entrepreneurs are exposed to without them realizing it. We’re so busy innovating and finding ways to ship product out the front door that we neglect to consider what’s slipping out the proverbial back door in the meantime.
Let’s use this time to learn, to reconsider, and to protect what’s most dear to the longevity and viability of our companies going forward.
If you have any questions relative to your company’s intellectual property policies or exposures, I am open to a no-cost, no-obligation conversation to discuss your strategic options. Contact me to schedule a phone call at [email protected] to get started.
Disclaimer & Notice: The content of this article does not constitute legal advice. The information presented herein is for informational use only. Not responsible for the actions or failures of third parties. Not responsible for any action or inaction based on the content of this article. The content of this article is solely the opinion of the author(s) and may not necessarily be those of Remenick PLLC, its clients or members. Reading this article does not constitute the establishment of an attorney-client relationship. Any communication received will not be confidential unless and until an attorney-client relationship is established by an engagement letter. The content of this article may not be current as of the date of access and may be removed or updated without notice. Consult with legal counsel before undertaking any legal action.