According to recent statistics, the number of trade secret cases in U.S. federal courts doubled between 1988 and 1995, doubled again between 1995 and 2004 and is projected to double again by 2017. Hacking, as well as the use of email, thumb drives and external storage devices, are all means by which confidential information can be stolen. No business can ever be 100 percent safe, but companies can and should take several steps to protect their trade secrets from misappropriation.
1. Companies must identify and label confidential information. Confidentiality legends should be electronically embedded on documents so they cannot be deleted but don’t abuse the designation. Designating non-confidential materials as confidential can lessen its effectiveness.
2. Limit access. Many employees are using portable devices to store and save proprietary data. Companies should limit the amount of data that can be downloaded onto thumb drives and other storage devices and consider disabling or selectively disabling the use of USB and DVD ports on employee computers altogether. Companies should also require multiple passwords and maintain records of who is accessing which networks.
3. Use copy prevention software to prevent the unauthorized copying of confidential information. Software solutions such as Copy Protect and ExeShield are cheap and can prevent duplication of electronic data. Other products such as those offered by StarForce, Fortium, and PTProtect can prevent the copying and duplication of data stored on CDs, DVDs and other tangible media. Protection is available with or without disc keys and works by binding the disc’s content to the original optical disc topology, which renders the content unable to be launched from replicated or emulated CDs or DVDs.
4. Require employees to sign NDAs upon hiring. In addition, require your employees to sign Proprietary Information and Invention Agreements (PIIAs). More than mandating confidentiality, PIIAs require employees to acknowledge and agree that information to which they have access during their employment, and any material they generate during employment, belongs exclusively to the company and not to the employee.
5. Require customers and vendors to sign NDAs before disclosing any confidential information. Third-party NDAs should include the company’s choice of forum and law provisions should any dispute arise. Additionally, a third-party NDA should include a provision requiring the third party to seek clarification from the company before any disclosure. The third-party NDA should also detail the process for collecting and returning all confidential information at the end of the relationship, including electronic data. Return of electronic data is preferable to destruction because then the company can verify the integrity and comprehensiveness of the data returned and assess whether it has been manipulated or copied.
6. Monitor departing employees. Once an employee gives notice, companies should watch him or her carefully, and review access logs and printers to see who printed what.
7. Don’t use hotel Wi-Fi. Thieves can set up fake Wi-Fi services and download banking and company information if you’re not careful.