One of the cybersecurity initiatives that an employer may take as part of taking reasonable measures to protect confidential information and trade secrets entails the “Implementation of a Need-to-Know Access Policy.” As we continue to explore other key cybersecurity initiatives, we have provided you, in this short blog post and Part X of the series, with key information on “Using Unique & Individualized Log-in Credentials & Passwords,” which is the fourth cybersecurity initiative that every employer should take pursuant to the same goal.
Using Unique & Individualized Log-in Credentials & Passwords
In order to ensure that the secrecy of confidential information is maintained, employers must have a strategy in place to ensure that such information is only accessed by authorized persons, especially since most of it is kept in computer systems or programs. An example of such a strategy is to assign unique and individualized login credentials to employees authorized to access confidential information. Through such a strategy, an employer may convince a court that they took reasonable steps in protecting their trade secrets and confidential information.
Another example is the use of passwords. Generally, although it is a basic and crucial measure, the use of passwords to control how and who has access to and can use confidential information may not be considered a “reasonable step” in protecting such information. However, irrespective of this drawback, employers may implement password-protection policies to enhance the likelihood that the use of passwords constitutes a reasonable step in protecting trade secrets and confidential information. For instance, an employer may require minimum recycling and strength requirements for passwords to be met and have employees change their passwords periodically.
Ideally, an employer may make it hard for an authorized individual to guess passwords by requiring strength requirements to be met. Furthermore, to prevent an authorized individual from accessing a password, one may have an added layer of protection by requiring passwords to meet recycling requirements. Again, implementing such password-protection policies may constitute reasonable steps in protecting their trade secrets and confidential information.
In Part XI, we shall move the discussion forward by hammering on the “Individual Responsibility for Trade Secret Oversight in a Business,” which is the sixth consideration among several “Vital Cybersecurity Initiatives that Employers Should Take” as part of taking reasonable steps in protecting their trade secrets and confidential information.
Stay tuned for more legal guidance, training, and education. In the interim, if there are any questions or comments, please let us know at the Contact Us page!
Always rising above the bar,
Isaac T.,
Legal Writer, Author, & Publisher.