Insider threat

The Top 10 Ways to Protect Your Intellectual Property from Unscrupulous Remote Employees

Chiragh Dewan
January 3, 2018 by
Chiragh Dewan

Over the last few years, the concept of Remote Work has attracted a lot of talented and motivated individuals. The idea of a 9-5 job vs. being location independent is something that more and more individuals are being attracted to. Because of that and the benefit to their side, more companies have embraced this idea.

However, to use the proverbial term, each coin has two sides. Although there are many benefits to running a company with remote employees, there are also a few challenges as well. In today's world where data and trade secrets can make or break a company's future, it is essential that all necessary steps are taken to protect the intellectual property and let only the necessary employees have access to it.

Here are the top 10 steps you can take to protect your Intellectual Property (IP) from remote employees:

  1. Enforce Compliance: Have your employees sign an NDA (Non-Disclosure Agreement) along with their employment contract. Perhaps even go as far as having your remote employees sign a non-compete contract.
  2. Implement a "Need to Know" Policy: When it comes to IP, there is a good chance that more than one person is responsible for creating it. As far as possible, do not reveal the details of your IP to your remote employees. Thus, an ideal scenario is where all the employees are told information and given access to documents on a need-to-know basis.
  3. Make Use of Restricted Access: As far as possible, try to limit the access you give to your remote employees regarding servers and any cloud storage medium (such as Google Drive, Dropbox, etc.). In other words, give them access to the bare minimum that they need to perform their everyday job tasks. Not only will this increase the probability that your IP will remain safe, but you can also rest assured that other forms of confidential information and data will be safe as well.
  4. Contact References and Conduct Background Checks: Before you hire any new remote employee, contact their references and previous employers to know more about the potential hire. This will give you a chance to know how they work. It is important to keep in mind that this is especially crucial for remote employees. For example, when you meet potential employees face-to-face, you get a good feeling if he or she would be a good fit for your organization. However, when you are hiring a remote employee, the only interaction that you have with him or her will be through web conferencing, email, or the phone. As a result, there is no true way to gauge as to how he or she would fit into your organization. Thus, it is very crucial to conduct both background and reference checks, especially if you are considering hiring a remote employee.
  5. Engage Your Employees: Even though your interaction is limited to your remote employees to just email and web conferencing, always try to keep your employees motivated and happy. When it comes to your remote employees, as far as possible, try to get them involved in company activities as well. Although there is the distance barrier, engagement can involve the following:

  • Having your remote employees participate in all company meetings, via WebEx or Skype;
  • Make a special effort to reward your remote employees with periodic bonuses when they have met specific objectives and goals;
  • Have one-on-one meetings on a weekly basis (as far as possible) with your remote employees. By doing so, they will feel valued and an integral part of your company;
  • Try to fly in your remote employees for end-of-year company parties and other social gatherings.
    1. Use Tracking Software: It is common these days for employers to ask their remote employees to use time tracking software. This software also comes with the ability to take screenshots of your remote employee's workstation at random intervals.
    2. Train Your Employees in Your Security Policies: It is a good practice to keep training and reminding your employees why intellectual property should be protected; what needs to be protected; how to protect it; and the potential consequences for not following the rules.
      1. File for Trademarks and/or Patents: While creating your Intellectual Property, one of the best ways to secure it is by filing for patents, and/or trademarks as soon as possible. This ensures that even if your IP is stolen, you will still be protected and be able to gain recourse.
      2. Encrypt Your Confidential Information and Data: Encrypting all essential and vital data along with restricted access rights helps a company to secure its IP from its remote employees.
      3. Keep It Simple and Secure (KISS): Keeping your Security Policy basic but highly enforceable can make a vast difference. For example, secure the remote access channels to your network, change passwords on a regular basis, conduct random security based audits, etc.
      4. Conclusions

        The workplace of today is now moving toward hiring remote employees and contractors. Hiring such kinds of employees is no doubt beneficial to a business, especially from a cost standpoint. For example, there are no benefits to be paid or other such intangibles. However, with this advantage comes the flip side of hiring people you have never met before.

        There are potential risks with this. Thus it is imperative to conduct the necessary background, previous employment, and other forms of reference checks. However, another way to minimize these security risks is to keep in tune with your remote employees actively. By doing so, this will make them feel "good"; in other words, they will feel that their work and contributions are highly valued and essential to the organization.

        Thus, the result will be that your remote employees will feel much more motivated to produce the kind of work that they have been doing (and even better), and a sense of loyalty and safeguarding company assets will also be instilled amongst them.

        However, there is yet another facet of hiring a remote employee an organization must consider. That is, hire only those individuals that are within the same national borders that your business is in. The primary reason for this is that in the chance that your Intellectual Property is indeed covertly hijacked or stolen from your remote employee(s), you will at least have the option of proper and enforceable legal recourse.

        Although it might be tempting to hire remote workers that are overseas, keep in mind that if they steal your Intellectual Property, the only legal recourse that you have is through the legal system in that country. Given this fact, it could take months if not even years to get fully compensated for any Intellectual Property that stolen from you.

        Also, as noted, you should limit the access of network resources to your remote employees to what is only needed to perform their daily job functions. This also even holds true for your regular, full-time employees that are on site as well.

        Thus, in this regard, to make doubly sure that your Intellectual Property and the most sensitive information and data is kept secure, perhaps consider storing these on another server to which nobody has access to but yourself and other relevant management team members.

        Alternatively, if you are using the Cloud to store all of this, then perhaps consider opening another account that only you are aware of; and use this special account to store the documents that are associated with your Intellectual Property as well as the other information and data that are critical to your company.

        Just remember this proverbial phrase: A happy employee makes not only for a productive work atmosphere but also a secure one.

        Chiragh Dewan
        Chiragh Dewan

        A creative problem-solving full-stack web developer with expertise in Information Security Audit, Web Application Audit, Vulnerability Assessment, Penetration Testing/ Ethical Hacking as well as previous experience in Artificial Intelligence, Machine Learning, and Natural Language Processing. He has also been recognised by various companies such as Facebook, Google, Microsoft, PayPal, Netflix, Blackberry, etc for reporting various security vulnerabilities. He has also given various talks on Artificial Intelligence and Cyber Security including at an TEDx event.