Strategies for CIOs can Take to Protect Trade Secrets
It is the responsibility of the CIOs to keep the trade secrets of the company within the workplace.
The pandemic outbreak accelerated the growth of work from home at many enterprises. Chief information officers (CIOs) need to reassess and update their policies and practices regarding the protection of intellectual property, particularly trade secrets. Trade secrets cover critical assets for the company.
CIOs create business value through technology, overseeing the development of customer service platforms, approving vendor negotiations and IT architecture, establishing IT policies, strategies, and standards, and developing and approving technology futures and budgets. No organization is willing to devote the time, money, and other resources to working with legal counsel to litigate the misappropriation of trade secrets. Customer lists, know-how, and importantly, for software companies, user-facing software components, including features, functions, architecture, design, workflows, and processes, could constitute trade secrets. Here are some strategies for CIOs to consider:
Develop, implement and update internally-driven procedures:
Employee handbooks, employee training, periodic training should be provided, and exit interviews held for all employees with similar procedures for contractors or others who are exposed to trade secrets. Good equipment should be managed in ways that are closely similar to what is done at the office, and should be used at home also.
Whenever possible, employees needing to connect to the office should use VPN technologies. And ensure WiFi connections from home are secure, should not access company resources from public WiFi connections.
When employees leave or are terminated, conduct exit interviews explaining their continuing obligations of confidentiality and retrieve all copies of the tangible confidential information in their possession.
Make continual improvements:
Technologies and practices such as virus software, malware software, operating system security updates, firewalls, and secure passwords are necessary. So, frequently change the passwords.
Monitor procedures updates often to maintain consistency and to ensure compliance. Also, as companies grow, procedures and policies change. Trade secret protection plans should also evolve accordingly. Consider adopting measures that protect the company from each of these groups. Protection against hacking and malware is necessary, but not sufficient.
Implement business procedures to augment non-disclosure agreements:
Confidentiality and non-disclosure agreements with employees and business partners are the first line of defence. Organizations should develop procedures to make sure corporate policies are followed, and that protections and compliance are documented.
Policies, procedures, and records also need to be followed consistently to qualify as reasonable steps. Make all key employees, marketing representatives, prospective investors, and everyone else who has access to your trade secrets to sign a carefully prepared confidentiality and nondisclosure agreement.
Use controlled routing of physical and electronic access:
Most companies know that physical and electronic security is very important for protecting trade secrets. Establish controlled routing procedures for the distribution and circulation of confidential documents. And establish physical safeguards to prevent third parties from gaining access to confidential information.
Companies should also incorporate confidential information protection into physical and IT security system planning as well as restricting system access, and should regularly assess and improve their systems.
Include protection in training programs:
Training is essential for employees and third parties so both groups know what is expected of them when handling such information. Make trade-secret protection a part of your employee orientation and training program, during which a full briefing should be given on each employee’s continuing duty and legal obligation to protect your trade secrets. Several companies have won theft cases against former employees based on their corporate training procedures.