Cyberattacks have emerged as a critical threat to trade secret security. This Employment Law This Week Deep Dive episode focuses on cybersecurity and protecting your trade secrets from attacks that occur from inside your company. Attorneys Brian Spang and Brian Cesaratto of Epstein Becker Green discuss cybersecurity awareness, the Defend Trade Secrets Act and the evolution of cybersecurity, and the importance of implementing strong employee policies and planning ahead. Having a security incident response plan ready is a must for employers in this environment.
Read on for more about this episode:
1. Cybersecurity Awareness
British Airways, T-Mobile—these are just a few companies affected by hundreds of data breaches that have occurred this year. October is Cybersecurity Awareness Month, and every new breach is a reminder that cybersecurity cannot be taken for granted. And while the media often focuses on foreign attackers, data increasingly shows that the bigger threat comes from inside your company. We spoke to Brian Spang and Brian Cesaratto, from Epstein Becker Green, for more.
Brian Spang:
"Most data breaches are caused by insiders as opposed to outside attackers. By ‘insiders,’ I mean people who already have access to your system. That includes current employees, former employees who retain access rights to your system, and potentially third-party contractors or vendors who you have granted access to your system."
Brian Cesaratto:
"The data is increasingly showing that insider threat to trade secrets is a growing vulnerability. And that's both because insider threat presents two types of risk: risk of an intentional malicious insider causing damage or exfiltrating trade secrets or unintentional insider threat. So, what companies should do is they should consider the type of threats they face using available data and then determine what their existing controls are and how those can be improved."
For more, click here.
2. The Evolution of Cybersecurity
These attacks have emerged as a critical threat to trade secret security. In 2016, Congress stepped in and tried to make it easier for companies to protect their trade secrets by taking their claims straight to federal courts with the Defend Trade Secrets Act.
Brian Spang provides more:
"The most significant change brought about by the Defend Trade Secrets Act is the establishment of federal subject-matter jurisdiction for trade secrets claims. Plaintiffs now may go directly to federal court without worrying about establishing diversity jurisdiction or relying on a different federal statute to establish subject-matter jurisdiction in federal court. Employers generally view federal court as a forum in which they can obtain relief more quickly and in which the cases move more quickly."
In the past, companies have sometimes relied on non-compete agreements to help prevent insider threats or to provide an avenue for relief. But as Brian Spang tells us, the current regulatory trend is running against these agreements.
"Regulation in this area is evolving toward restricting the use of non-compete agreements and in favoring the rights of individuals. And in certain jurisdictions, there have been recent decisions throwing out claims attempting to enforce over-broad non-compete agreements without giving the plaintiffs any opportunity to argue for modification or a narrowing of the restrictions."
3. Employee Policies and Planning Ahead
In this uncertain climate, ultimately the best offense is still a good defense, and that means stopping the insider threats before they materialize. The most important cybersecurity tools for employers are strong policies that shore up vulnerabilities and a firm plan for a potential incident or breach.
Brian Cesaratto tells us:
"The most important step that an employer can take to prepare for a security incident is to have in place a security incident response plan and to train employees and managers in the implementation of the plan. Planning ahead of time is important because that way, when the time comes and there is a crisis, the company's not reactive. It's not attempting to address the issue under stress where there's no plan in place."