As mobile and wearable technology becomes further ingrained in the modern workplace, businesses face increasingly complex challenges in the fight to protect their intellectual property from leaks and other security breaches. Much has been made of the threat posed by compromised mobile devices, with hackers leveraging public Wi-Fi networks and fake apps to access data stored on employee devices. However, many businesses fail to consider an even greater threat, one that has also been heightened by access to mobile technology — employees themselves.
Case in point: Last fall, former White House aide Omarosa Manigault Newman sent shockwaves through the West Wing and around the world by releasing a series of secret audio recordings documenting sensitive conversations with White House and Trump campaign officials. Some of these were simply phone calls that Manigault Newman received and recorded on speakerphone — unscrupulous, yes, but also relatively unremarkable. However, one recording in particular featured audio captured from inside the White House Situation Room, an area that the previous administration had considered “one of the most secure spaces in the country.”
If the White House, safeguarded by the full might and expertise of American security agencies, is susceptible to such an incursion, how can the average business ever hope to protect itself from the same? Any corporate environment that allows employees to use personal devices must implement regulations and security best practices to protect the company from security breaches—not just the complex cyber threats posed by anonymous hackers, but also the far more mundane threat of smartphone cameras, microphones, and note-taking apps. Here are four ways that your business can get started.
Identify and Understand Your IP
Before you can protect your intellectual property, you must first ensure that you have a clear understanding of what IP in your organization looks like. Leaders must make a point of itemizing, categorizing, and labeling their company’s IP—being careful to identify that which is directly related to their products, as well as IP produced via ancillary business processes.
Labeling is a crucial step here, as is taking the time to file for appropriate trademarks and patents. Making these efforts before IP theft occurs will play a critical role in any legal action that your company may take to protect its assets. Consider hiring a full-time IP manager who will not only drive the implementation of effective security processes, but also help to ensure long-term compliance among staff and leadership alike.
Restrict Access to Your IP
Businesses should restrict access to their IP and document actions taken to secure it. This means understanding not only what your IP is, but where it lives. Implementing “Need to Know” access control and authentication protocols will limit the exposure of your most valuable data and trade secrets, and encourage a healthy respect for the proprietary and confidential nature of these materials.
To combat the threat posed by smartphone camera and recording technology, assess areas of risk and establish physical premises security procedures to address them. Involve (or hire) on-site security staff wherever appropriate. Once again, taking the time to institute common sense security measures will help you demonstrate the confidential and proprietary nature of your IP, and could make all the difference in future legal proceedings.
Hire Employees You Can Trust
Armed with smartphone technology, your employees now represent one of the greatest threats to the continued security and confidentiality of your company’s IP. This can be unnerving, leaving executives with the sense that they are surrounded by potential spies, and eroding trust between company leadership and support staff. One of the best ways to alleviate these concerns is to hire trustworthy employees.
This means vetting each potential hire before extending an offer of employment, contacting references, conducting background checks, and working with HR leadership to ensure these processes are taken seriously. Make use of nondisclosure agreements where appropriate, and be sure to continuously train and retrain all employees on company security procedures.
Above all, do everything you can to ensure high rates of job satisfaction and employee retention among your staff. As the Trump administration has surely learned by now, happy employees are much less likely to violate confidentiality rules.
Consider Placing Limitations on Where and When Smartphones May Be Used
The most direct way of protecting your IP against smartphone surveillance is to enact rules that limit where and when employees may use their personal devices. To an extent, it’s surprising that more employers haven’t placed at least limited restrictions on smartphone usage, especially since it’s not just disgruntled employees who pose a threat. Even the most trustworthy senior executives could carry a device that has been compromised by hackers — capable of activating cameras and microphones remotely to gain access to private workplace conversations.
However, employers should pause before instituting such rules, as the legalities surrounding prohibitions on workplace recordings are far from settled. In 2015, the National Labor Relations Board ruled that no-recording policies enacted by employers violated the National Labor Relations Act. However, in June of 2018, the NLRB revised its decision, ruling that policies barring the use of cameras and recording equipment in the workplace are permissible so long as they serve a legitimate business purpose. Whether your organization institutes such prohibitions will ultimately depend on the nature of your business and company culture.
Lee Reiber is the COO of Oxygen Forensics, whose software is used by both public and private entities in 150 countries to conduct digital forensics investigations related to crimes, legal proceedings, and in-house corporate investigations.
Morning Consult welcomes op-ed submissions on policy, politics and business strategy in our coverage areas. Updated submission guidelines can be found here.