Here at the Law Office of Vincent Miletti, Esq. and the home of the #UnusuallyMotivated movement, we take pride as a resilient and dependable legal services firm, providing such services in both a traditional and online, web-based environment. With mastered specialization in areas such as Employment and Labor Law, Intellectual Property (IP) (trademark, copyright, patent), Entertainment Law, and e-Commerce (Supply Chain, Distribution, Fulfillment, Standard Legal & Regulatory), we provide a range of legal services including, but not limited to traditional legal representation (litigation, mediation, arbitration, opinion letters, and advisory), non-litigated business legal representation and legal counsel, and unique, online legal services such as smart forms, mobile training, legal marketing, and development.
Still, we, here at Miletti Law®, feel obligated to enlighten, educate, and create awareness, free of charge, about how these issues and many others affect our unusually motivated® readers and/or their businesses. Accordingly, to achieve this goal, we have committed ourselves to creating authoritative, trustworthy, & distinctive content. Usually, this content is featured as videos posted on our YouTube Channel https://www.youtube.com/channel/UCtvUryqkkMAJLwrLu2BBt6w and blogs that are published on our website WWW.MILETTILAW.COM. With that, the ball is in your court and you have an effortless obligation to subscribe to the channel and sign up for the Newsletter on the website, which encompasses the best way to ensure that you stay in the loop and feel the positive impact of the knowledge bombs that we drop here!
As the authoritative force in Employment Law, it only seemed right to introduce one of the many upcoming series where we remain persistent in introducing a variety of topics, which will look to not only educate but also deliver in a sense that only Miletti Law® can. In this regard, this blog is Part VIII of our series on “Cybersecurity Measures to Protect Employers.” In Part VII, we provided you with key information on “Deterring the Physical Removal of Confidential Information,” which is the third cybersecurity initiative that an employer may take as part of taking reasonable measures to protect confidential information and trade secrets. As we continue to explore other key cybersecurity initiatives in this blog and Part VIII of the series, we have hammered on “Prohibiting Employee Use of Portable Storage & Mobile Devices,” which is the fourth cybersecurity initiative that every employer should take pursuant to the same goal.
Prohibiting Employee Use of Portable Storage & Mobile Devices
Portable storage & mobile devices that include, but are not limited to laptops, smartphones, MP3 players, external hard drives, USB drives, tablets, and CDs can not only be used to introduce malware into computer and network systems but also to obtain and take digital information. This implies that employers should develop and implement policies that limit or prohibit employees from using external storage and mobile devices that can be used to remove, store, or introduce malware on protected information and data as a way of avoiding the theft of trade secrets via such devices. Employers should also provide employees with prior approval or authorization when the need to carry or store information or data on such devices arises.
In Part VI of this series, we talked about the need for employers to “install data encryption software,” which is one of the ways they can take advantage of technologies related to information and network protection. In this regard, we mentioned that the encryption software modifies and converts files, passwords, data, and information into an unreadable form that employers may only decode and decrypt using their own decryption software. Thus, to ensure and promote the protection of any information or data stored outside an employer’s computer or network system, all confidential information should be encrypted. Data and information encryption is essentially critical when the confidential information in question consists of personal identifying information such as social security numbers, bank account/credit card numbers, residential addresses, and names of clients or employees.
This goes without saying that such personally identifying information, financial data, and customer account information should be deemed confidential and, thus, any of such data and information copied or stored on external storage devices and laptops should be encrypted. Further, employers should train their employees on how to discard confidential data and information from personal storage and mobile devices. Essentially, all these policies and measures comprise reasonable steps and efforts for protecting one’s confidential information and trade secrets.
Additionally, such policy should also require temporary storage of confidential information on the portable storage & mobile devices mentioned earlier. As soon as the device has been used to store and/or use confidential information upon approval or authorization by the employer, it should be cleared. This could be done through the implementation of a policy where employees are required to check in and check out portable storage and mobile devices when their use is no longer needed. While ensuring the proper cleaning or “wiping” of such devices upon return for check out by employees, employers can develop and implement such policies and measures to effectively control how portable storage & mobile devices are possessed, disseminated, and used by employees.
In Part IX, we shall move the discussion forward by hammering on the “ Implementation of a Need-to-Know Access Policy,” which is the fifth consideration among several “Vital Cybersecurity Initiatives that Employers Should Take” as part of taking reasonable steps in protecting their trade secrets and confidential information.
As usual, stay tuned for more legal guidance, training, and education. In the interim, if there are any questions or comments, please let us know at the Contact Us page!
Always rising above the bar,
Isaac T.,
Legal Writer & Author.