Security Risks When Working From Home

Working from home? Have you been transferring files between work and personal computers? Be aware of the security risks that are out there. Experts talk about how to protect your company’s private data. Where should you start to make sure your remote workforce is secure? Listen to these experts!

Using Your Personal Computer to Work From Home

What are the implications of working from home?

Let’s face it, these are weird times! Never before have we had the bulk of the country’s workforce sheltering in place and working from home. We’re going on four months battling the spread of COVID-19. Workers have resigned, been terminated and furloughed, and many have sensitive trade secrets loaded on their personal computers. Experts Lee Neubecker and the Data Diva Debbie Reynolds discuss current situations and different audits they have performed for companies to retrieve intellectual property and company data. Check out this blog with transcripts.

Video Transcript Follows

Lee Neubecker (LN): Hi, this is Lee Neubecker from Enigma Forensics. And I have Debbie Reynolds, the data diva back on the show from Reynolds consulting. Thanks for being on.

Debbie Reynolds (DR): Thank you so much for having me, Lee.

(LN) So what are your thoughts about the shift and changes that have happened over the last couple of months with everyone being stuck at home with their computers?

Debbie Reynolds (DR): I think it’s an interesting issue now, because as you know, even before the pandemic, there were people working at home. But now since there’s so many more people at home, it’s bringing up other security risks, especially with devices. And I’m sure you know, you probably explain more of your experience about working especially a forensic with people who are remote. And some of the challenges with those machines, especially, you know, the same people. They’re either working from home, people are getting furloughed or people are losing jobs where they’re, they’re not in the office. But they still have equipment. So I’m curious to see what you think about all that in terms of the device, the equipment, and some of the risks that come with that.

(LN) We’ve had a number of projects happen during this period where workers either have resigned, they’ve been terminated, or they’ve been furloughed, and there’s a need to get the company data back. And sometimes that data is on their personal computers. Other times the data is on a company issued laptop, but companies are just starting to get back to work. And there’s a whole host of issues. If you have sensitive trade secrets, and confidential electronic data on an employee’s personal or work computer, and you don’t have physical custody of that, there’s a real risk of that data getting disseminated to a new employer, maybe leaked online to the web, or maybe even you know, someone’s kid at home installs a game that opens up malware that puts those trade secrets at risk.

(DR) You know, we know a lot of people working from home, and a lot of people are using, I think the statistics said, the majority of people, maybe a slight majority, are using their own computers to, you know, tunnel in via VPN or whatever. But we all know that people still, under a lot of circumstances, let’s say they’re printing, or they have a file they want to, you know, leave locally or something. What is your advice from a forensic perspective? ‘Cause we can, we always see a lot of data commingled together, unfortunately, where the personal and people’s business stuff may be, you know, together in some way, so what is kind of your advice for people working at home for stuff like that?

(LN) If an employee is being asked to work from home, they should ask for a work issued computer.

(DR) Right

(LN) Also you should be using a virtual desktop of sorts.

(DR) Right. Yeah, exactly. But you’ve seen I’m sure you’ve seen a lot of situations where you’re asked to do forensic work. And there is a lot of personal stuff, even on a company.

(LN) Yeah, we’ve had situations where people have, despite having work issued computers, they’ve still connected their personal computer up to corporate resources, Office 365. I’ve seen situations where there’s drives that are syncing to personal, former employees, personal computers, and even though the accounts are severed, so it can’t continue to sync, then all that data might still reside. So we’re doing audits right now for clients to look for, you know, what devices are synchronizing with corporate data stores, and some of those devices. You know, there really needs to be accounting and audit to match up those devices to ensure that only accounts of active employees are syncing and that those devices are company issued devices, not personal devices because it poses a real risk. It’s a problem that could be preempted by issuing, you know, work equipment, not commingling work and home stuff.

(DR) Are you seeing problems where people are, let’s say they have a phone. And they have like, for example, let’s say they have an Apple phone and they have an iCloud account. And the phone belongs to the company, but their iCloud account is their own personal account where you have problems getting those passwords.

(LN) Yeah, for the most part, we’ve had compliance and I’ve worked to try to help solve the problem, you know, the employee might have stuff they need. And usually what we’re doing in most cases where we have commingled data, where we’re giving the employee or former employee the opportunity to put all their personal stuff onto a drive that we’ll then do a search against and then we’ll wipe, wipe, completely wipe, the original device. They’ll sign a certification of sorts, and then they’ll only copy the stuff that they, that they copied off that we verified, didn’t contain trade secrets, and they’ll pull that back down to the computer. But that relies on some level of trust that if the employee or former employee signs, a declaration or affidavit saying that they returned everything that they’re being honest.

(DR) Do you have people that are concerned, especially in the legal field about people doing remote document review, and having sensitive documents viewed on their computers at home?

(LN) Well, I think that’s a legitimate question. And you know, if, if companies are outsourcing document review, they should be asking the provider, provider questions about, you know, how, what steps are you taking to make sure that those endpoint reviewers aren’t using computers that are compromised? In many cases, companies are using independent contractors as their reviewers and they’re not issuing corporate equipment. So that that’s a real risk that the whole ediscovery industry really needs to grapple with, because someone’s going to get burned at some point in time, especially during this, this pandemic with, you know, resources taxed and people working from home.

(DR) I have one more burning question for you, actually. And this is about BYOD. What do you think? Because of the pandemic, do you think more companies will start to do more or less, bring your own device things as a result?

(LN) I think we’re going to see a lot of problems come out of BYOD devices where companies see the problem of losing control of their data. And, at least with the larger companies, I think you’re going to see probably more strict, more strict enforcement of using corporate resources. I mean, there were many companies right before Illinois shut down went into effect they were ordering laptops going running out to, you know, retail stores to quickly grab whatever they could, so they can issue laptops to their employees. And, and so I think you’re going to see, I think you’re going to see a movement away from BYOD in the future.

(DR) I agree with that. I think it’s been a long time coming. I don’t know if you remember when they were first doing this, you know, at first companies were giving people devices, then they decided well we’ll save money will be out BYOD. Now it seems like a pain in the neck to deal with it. And it’s all these risk issues. So I really feel that they’re going to start to go back the other way.

(LN) Now, well there’s a cost associated with BYOD. And now people are furloughed and all your sensitive data is on former employees’ personal computers. So then you’ve got to hire a forensic expert like me to try to work through to get the data back and to solve that problem, which, you know, it might have been much easier to issue a 500 dollar laptop to employee, than to have them synchronize that ’cause they’re going to pay more than $500 to try to solve the problem of getting their data back. So after we get through this next bump in the business cycle where companies are paying out to have to retrieve their data, I think you’ll see that most CFOs will see it’s smart sense to issue corporate laptops and to block access to BYOD devices. But thanks for the question. It was a good one.

(DR) Thank you. Fascinating. Thank you for sharing.

(LN) Thanks


Issues When Working From Home

Issues when working from home are bubbling up. Are you working from the dining room table on important company information? We discuss the importance of forming a work from home policy.

We have reached a new era of remote business at levels few companies ever planned for. As we all know, COVID-19 has driven businesses and their employees to operate from makeshift home offices. As a result, many issues when working from home have been exposed. In some of our past blogs, Enigma Forensics has provided insight into trade secret theft and given direction on how to protect company trade secrets from cyber attacks. In this blog we will address the current issues that have arisen since we are all working from home.

First and foremost, the mass exodus from the business office to the home office was done at the flip of a switch. Working from home took many companies by surprise, sending employees home expecting this to be a short period of time. Most companies didn’t have time to prepare a proper security plan. In an effort to offer more accessibility to their employees some companies loosened their security standards to allow faster and more convenient access for employees. Some encouraged employees to use their own personal devices. These procedures have increased the risks that companies will be cyber attacked and offer opportunities for trade secret theft and loss of business confidential information. To lessen these possibilities companies must develop policies that address the risks.

Enigma Forensics suggests creating a work from home policy to inform employees of their obligations. Companies need to communicate how important it is to stay secure and that the future of the company depends on it. Employers must insist each employee maintain a two-factor authentication process to secure sensitive information. Each employer must restrict unauthorized access to company data. In other words, keep the kids off the company’s computer. It’s also imperative to prohibit the use of unauthorized third party cloud storage sites, and to make sure to apply security software to protect company data. Most importantly, no sharing of company devices.

Some more simple procedures companies can implement to protect their end points include:

  • Ensure endpoints have software patches and security updates applied monthly
  • Audit and enable Windows Defender or other Antivirus Solutions to protect end points
  • Ensure computers accessing company data are set to auto lock after five minutes of inactivity
  • Provide employees with dedicated work only equipment
  • Audit and ensure satellite workers have a firewall protecting their endpoints from potential attackers

Kids at home with not much to do may be interested in installing the latest video game on your computer which could introduce security vulnerabilities at home.

Enigma Forensics also suggests developing an inventory of which employee has access to which files. Know who is printing confidential information, and identify if family members have access to the same devices. Once all this is mapped out, a risk assessment needs to be conducted. Employees identified as having access to sensitive information should be prioritized and secured appropriately.
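Once endpoint data is exported into an inventory, the checklist and the prioritization step above can be checked mechanically. The following is an added example, not Enigma Forensics' own tooling: the record fields, finding names and sample inventory are constructed for illustration, and the inactive-user check reflects the sync audit described in the first transcript.

```python
from dataclasses import dataclass
from datetime import date
from typing import List, Optional, Tuple

# Thresholds taken from the checklist on this page.
MAX_PATCH_AGE_DAYS = 31     # patches and security updates applied monthly
MAX_LOCK_SECONDS = 5 * 60   # auto lock after five minutes of inactivity


@dataclass
class Endpoint:
    """One row of a device inventory (field names are hypothetical)."""
    hostname: str
    user: str
    company_issued: bool           # dedicated work-only equipment
    last_patched: date
    antivirus_enabled: bool        # Windows Defender or another antivirus
    lock_timeout_s: Optional[int]  # None means auto lock is not configured
    firewall_enabled: bool
    user_active: bool              # False if resigned, terminated or furloughed
    sensitive_access: bool         # user can reach sensitive files


def findings(ep: Endpoint, today: date) -> List[str]:
    """Return the checklist items this endpoint fails, in a fixed order."""
    out = []
    if not ep.company_issued:
        out.append("personal-device")
    if (today - ep.last_patched).days > MAX_PATCH_AGE_DAYS:
        out.append("patches-stale")
    if not ep.antivirus_enabled:
        out.append("antivirus-off")
    if ep.lock_timeout_s is None or ep.lock_timeout_s > MAX_LOCK_SECONDS:
        out.append("lock-timeout")
    if not ep.firewall_enabled:
        out.append("firewall-off")
    if not ep.user_active:
        out.append("inactive-user")
    return out


def audit(inventory: List[Endpoint], today: date) -> List[Tuple[str, List[str]]]:
    """List failing endpoints, sensitive-access users first, then most findings."""
    flagged = [(ep, findings(ep, today)) for ep in inventory]
    flagged = [(ep, f) for ep, f in flagged if f]
    flagged.sort(key=lambda item: (not item[0].sensitive_access,
                                   -len(item[1]),
                                   item[0].hostname))
    return [(ep.hostname, f) for ep, f in flagged]


# Constructed sample inventory; none of these hosts or users are real.
INVENTORY = [
    Endpoint("WS-001", "alice", True, date(2020, 6, 20), True, 300, True,
             True, True),
    Endpoint("HOME-PC-7", "bob", False, date(2020, 3, 1), False, None, True,
             True, True),
    Endpoint("LT-014", "carol", True, date(2020, 6, 25), True, 900, False,
             False, False),
]

if __name__ == "__main__":
    for hostname, issues in audit(INVENTORY, date(2020, 7, 1)):
        print(f"{hostname}: {', '.join(issues)}")
```
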

Eventually we will all be back working in the office but COVID-19 has exposed the need to increase security and to learn more about how your employees are utilizing company owned devices.

To Learn More About Trade Secret Theft Check out our blog below

Trade Secret Theft

When employees leave a company, it is common that departing staff may take electronic files belonging to their former employer. Matthew Prewitt, a trade secret litigator shares his experiences pursuing and defending against such litigation. The role of computer forensics and the importance it plays in getting to the truth is discussed in this informative interview.

Leading computer forensics expert Lee Neubecker discusses trade secret misappropriation by a departing employee and how that can lead to a competitor gaining an unfair competitive edge. The Chair of Schiff Hardin’s trade secret practice, Matthew Prewitt, emphasizes the importance of working with a computer forensics expert to preserve digital evidence and perform effective discovery that can later be used if litigation is necessary.

The transcript of the video follows:

Lee Neubecker: Hi, I’m here today with Matt Prewitt. Matt is the chair of Schiff Hardin’s trade secret practice, and is an experienced litigator that focuses on the area of trade secret theft. Matt, thanks for being on the show.

Matthew Prewitt: Thanks for having me, Lee.

Lee Neubecker: We’ve had cases we worked on before involving departed employees. Could you tell everyone a little bit about your experience in this area, dealing with trade secret theft?

Matthew Prewitt: Sure, I mean as a trial lawyer, I’ve litigated both sides, sometimes, defending the departing employee, and/or that employee’s new employer, other times representing as the plaintiff, the company that the employee left.

Lee Neubecker: So, can you tell people generally what happens when you’re on the side that had the employee that left? What happens at ground zero?

Matthew Prewitt: Well, ideally, the company would already have in place a structure of trade secret protection, and contractual, policy, and technology protections against unfair competition by the departing employee. So, that framework consists of, typically, a confidentiality agreement with the employee, perhaps a set of restrictive covenants, like a non-compete agreement, and then, hopefully, handbook policies that govern the conduct of the employee. Those will be coupled with restrictions, of course, that integrate with the company’s relationships, with its vendors and customers. Basically what the company ideally should be doing, is sitting down with outside counsel, in-house counsel, IT, and thinking about all the places where the company has sensitive, competitive information, trade secrets, or other confidential information, that are at risk when an employee turns out to be disloyal.

Lee Neubecker: So, when a client calls you, and they suspect that someone took stuff, what do you advise them to do, initially?

Matthew Prewitt: Well, I mean the first is to assess the situation and, that consists of identifying, with these days, almost everything is electronic of course, so, the first part of the assessment is to identify the types of electronic information that the departing employee would have access to. Either legitimately, during the course of that employee’s work, or, by exceeding the policy limits or protections that the company had in place. You’re doing, you’re identifying those areas for two reasons, one, preservation of evidence is very very important. And there’s no way to know what you need to preserve if you don’t know what the employee had access to, or potentially could’ve stolen. And then the other reason is to assess the competitive risk, and to begin to develop a plan for the investigation, and perhaps litigation response if it turns out to be warranted.

Lee Neubecker: And, so, typically, I know part of that initial response, when I’ve worked with you in the past, you want a forensic image made of the employee’s computer, before anyone mucks it up.

Matthew Prewitt: That is a, certainly an important starting point. With the changes in technology, for better or for worse, the places where the relevant data reside and the places that need to be preserved are, are multiplying instead of getting narrower, so, the hard drive of the laptop remains a very important source, because, forensically, it is often times the area that is most susceptible to forensic analysis and investigation. But there certainly are other places, as well. Cloud storage, the company’s computer network, personal email account of the employee, personal phone, company-issued phone, it goes on.

Lee Neubecker: I know when I first started in this area many years ago, the misappropriation was on a CD-ROM, and now, you’ve got smart phones, you’ve got USB drives, but the cloud is a whole other area of concern, because, companies can connect to Dropbox, Box.com, various other places, AWS, and move data to the cloud, so that, that becomes another point of concern in a need to be able to collect and preserve data from sources other than the computer.

Matthew Prewitt: You’re absolutely right, Lee.

Lee Neubecker: So can you tell us any war stories about what, what’s happened in the past when you’ve used forensics to pursue a case, and what kind of result you’ve been able to get for your clients?

Matthew Prewitt: Sure. I mean the forensic examination is really a critical part of a trade secrets case, especially if you’re on the plaintiff side, because, in, when you’re in court, trying to enforce restrictions against a departing employee, the, for better or for worse, the court is typically going to start that process with having, with some sympathy to the departing employee. I mean we are in America, and people are supposed to be rewarded for their ingenuity and hard work, and, employee mobility from one company to another is a basic value of our society. So, showing the court that the employee cannot be trusted to do the right thing, to be an honest and ethical employee at the new employer, at the new, at the competitor that she or he’s goin’ to, is really really important for building an effective non-compete case, or trade secrets theft case as a plaintiff.

Lee Neubecker: So for instance, if your client had a policy of no USB drives, and didn’t use USB drives, but yet, your forensic expert reported that a USB device was plugged into the computer the day before they filed their resignation, and that various files appear to have been copied to that drive, that would be something that would be compelling in support of an injunction, correct?

Matthew Prewitt: It’s certainly a brick in the building that you’re trying, or the story that you’re trying to build from court, absolutely.

Lee Neubecker: So there’s other pieces too, have you had situations where you’ve petitioned the court to allow discovery of that departed employee’s home computer, or the new workplace computer?

Matthew Prewitt: Yes, part of the forensic exercise is demonstrating the need for that discovery. And so, what you’ll want to start with as part of your initial investigation, is to have your forensic expert look for evidence that will show that the employee has used her home computer, has used external devices, has copied to the cloud, and once you can show the migration of data, under suspicious circumstances, off the realm of the company-owned hardware or accounts, then that’s the central starting point for demonstrating to the court that you need a more invasive approach into the personal devices and accounts of the departing employee.

Lee Neubecker: Great so, let’s say that the plaintiff attorney has established convincingly with their forensic expert that data was misappropriated, and that the data clearly is confidential, and trade secret-type information. If you’re advising the new company that hired the sales person, and you saw the report and you believed the report to be credible, how might you try to help that new employer end the litigation and get things to a peaceful place?

Matthew Prewitt: Hopefully that they, the new employer has already laid the foundation for that scenario by instructing the employee before arriving, that they should not copy or take things with them, from their previous employment, should not load things onto the company network that are… belong to the previous employer, et cetera. And, to have done that in writing. If that’s happened, that puts the new employer in a potentially awkward spot, because you have an employee who not only has, has taken his former, his or her former employer’s stuff, but then has also disregarded the instructions of the new employer as well. That’s the situation where the new employer may be seriously considering terminating its relationship with the new employee.

Lee Neubecker: I’ve seen that happen, I’ve also seen situations where, the employee who departs agrees to have forensic inspections on his computer, and, signs an agreement that pretty much guarantees that if he’s caught doing something with this, that he’s going to have, face massive legal costs, and admit to wrongdoing.

Matthew Prewitt: That’s where that trust factor or credibility factor, that comes, that’s one example of where it becomes really critical. Not only is the court typically going to be inclined to the defendant departing employee’s situation, and want that employee to be able to have gainful employment, many courts are also going to want to give that employee a second chance. And the second chance here is the chance to turn over the, turn over the information, and provide exactly the kind of affidavit or certification you’re referring to.

Lee Neubecker: Great well, I appreciate you being on the show and talking about this topic. It’s one that impacts most businesses, so, thanks again for being on the show.

Read More on Trade Secret Theft:

Defend Trade Secrets Act of 2016

Learn more about the Defend Trade Secret Act

Enigma Forensics CEO & President, Lee Neubecker discusses the Defend Trade Secrets Act with Trademark Attorney Brian Michalek.

The transcript of the Defend Trade Secrets Act 2016 video follows:

Lee Neubecker: I’m here today with Brian Michalek. He’s a trademark and IP attorney. Brian, tell us what you’ve come on the show to talk about today?

Brian Michalek: Yeah, well first of all thanks for having me Lee. I appreciate you coming down here and spending some time with me today. You know what I wanted to talk about today is kind of some new applications of the Defend Trade Secrets Act. Which is, it’s about two years old now but it’s basically a federal cause of action concerning trade secret law.

Lee Neubecker: And what this means basically is if you’re an employer and you have someone who stole trade secrets, it offers you an opportunity to file in federal court as opposed to the state courts statutes.

Brian Michalek: Yeah, I think that’s right. And kind of taking like a step back, you know prior to 2016, what we had when we were talking about trade secret law were really a bunch of different states that had their own specific type of trade secret statutes. Some of these statutes were in fact pretty similar and shared a lot of consistencies but there were others that kind of had their own nuances and what that meant was that trade secret jurisprudence wasn’t completely harmonized. And it made it a lot more difficult to account for situations where we often encounter in the digital age where misappropriation of trade secrets happens across state lines or if we have a scenario where an individual who misappropriates a trade secret, resides in one state and the server in which they access to take the trade secret is in another state. We found that there was a lot of clunkiness with trying to figure out which state law would apply and how we could best go forward to making sure that the owner of the trade secret could get restitution appropriately. So, really what we have now in 2016 is a federal cause of action as you stated correctly that allows us to go straight into the federal courts and manage trade secret litigation from that vantage point. And I think it’s important to say also, that what we’re having is not a federal law that preempts state law but it supplements it. So, both can be acted upon.

Lee Neubecker: So, here in Illinois we have the Computer Fraud and Abuse Act that is often one venue. Why would someone who’s contemplating filing litigation against an employee who stole trade secrets here in Illinois. Under what circumstances would they want to try to pursue the Defend Trade Secret Act, a federal option as opposed to the Computer Fraud and Abuse Act.

Brian Michalek: Yeah, well it’s really going to depend on the particular fact scenario. That’s an issue here. The Computer Fraud and Abuse Act, you know, that generally is tailored to somebody who goes into a computer without authority to do so or oversteps their bounds and oversteps their access. So, it’s a little bit of a different cause of action but then again, there are situations where you have a fact pattern where an employee could run afoul of both statutes. Both the Computer Fraud and Abuse Act as well as the new federal Defend Trade Secrets Act.

Lee Neubecker: So, what are some of the advantages for someone who perceives a claim using the Defend Trade Secrets Act?

Brian Michalek: Yeah, I think there are several advantages. I kind of hit on some of them earlier when we’re talking about the kind of this discord among different state laws and how they’re actually applied to certain fact patterns. But one advantage is that you get access to the federal court system. Previously when you have a state law you can do some things to get the claim into federal courts but it takes a little bit more, little more effort and you often times need to show that there’s diversity or you need to tack on a federal cause of action like the Computer Fraud and Abuse Act in order to do so. Right now with this cause of action, we’re actually allowed to file in federal court right from the get-go. And you know, there’s certain bit of strategy and advantage for employers to do that from an efficiency standpoint, from a practicality standpoint which allows to redress this misappropriation as soon as possible because you know, we’re dealing with a situation many times that when you have a trade secret that’s misappropriated, you need to act very quickly. Otherwise it can be disseminated and ultimately lost if things aren’t done to stop that.

Lee Neubecker: I understand the Act requires you to present your case of sorts as to why there’s an urgency to seize this information, when you’re trying to get the evidence. What would you try to do before you file your case to bolster your chances of getting a judge to grant you relief in terms of obtaining your trade secrets and getting that information back?

Brian Michalek: Yeah, that’s a good question. I think what you’re getting at is the Defend Trade Secrets Act has a very special and new kind of prong to it. It’s a mechanism for a civil seizure and what that basically says it gives the court the power to and it’s ex parte I should say. So, it allows you if you feel that your trade secret is misappropriated to go to the court ex parte and explain to the court why you need redress and you need to, you know get your trade secret back or have it deleted off someone’s computer who misappropriated it or whatever recourse is appropriate. Now, this is new to the 2016 statute but there are some very specific hurdles that you need to get over. The statute itself says that this is really only for extraordinary circumstances and you have to show that other equitable means would not serve your interest like a preliminary injunction or a temporary restraining order. So, it is kind of a special remedy that’s offered and I think you know, we’ve had the statute for about two years now and there’s only been a handful of cases. There’s one in particular where the judge in fact did grant a civil seizure order and one of the reasons was because they found that failure to do so would cause the trade secret to be disseminated and ultimately lost. And really the next step there is to get the Federal Marshal Service involved and they will go in and actually reclaim that trade secret or delete it or make sure that appropriate recourse is made.

Lee Neubecker: Now, when you’re filing, would you encourage your clients to have an independent forensic analysis done with affidavit to support their claims? Do you think that would help the likelihood of actually getting that relief?

Brian Michalek: It’s again, it’s going to depend on the situation but I think kind of what you’re getting at is when you’re dealing with something that is taken from a computer. You know, we’ve dealt with situations where and I think these are becoming more and more common in the digital age, where an employee will do something with his computer before he quits and goes to competitor, he will transfer a file or copy a file or do something he’s not supposed to and the employer finds out and if they believe that there is some type of misappropriation or the employee took something that he worked here or she was not supposed to you know, they may have cause of action under this federal action. And to your point, a lot of times doing a dealing with computers you do have to get a forensic expert involved so that you can actually know what was happening because people sometimes think that they can delete something or they can transfer it or hide it and you know, I’ve dealt with this enough times and I know you too, you have to Lee is that, you know, it’s very, very difficult to actually cover up your tracks unless you really know what you’re doing and that’s really where a forensic expert can help. Is when somebody tries to cover up their missteps, their tracks and if you get the right expert involved early, then you can at least have that evidence to really show the fact that or what was going on and why you are entitled to remedy under this federal act.

Lee Neubecker: And so Brian can you tell everyone some of the benefits, financially filing under this act?

Brian Michalek: Well, I think what you’re referring to is this act has one other wrinkle. It’s known as the whistle blower provision and basically it allows employees to blow the whistle and disclose what could be a trade secret in very limited fashion, if they believe that there is some wrongdoing. On the flip side of things, employers if they want to take full advantage of this act and maybe receive attorney’s fees should they win or exemplary damages in certain situations. They’re now tasked with including this whistle blower provision in employee agreements. Meaning they have to make note of it and specifically instruct the employee that this is an option and the mechanisms for which apply.

Lee Neubecker: So, to fully benefit from those, people should revisit their paperwork, their confidentiality agreements and whatnot with their vendors and employees. Is that something that you could assist people with?

Brian Michalek: Yeah, absolutely. That’s something that we’re happy to talk with you about and if need be, we’re going to help and assist.

Lee Neubecker: Great, well thanks for being on the show.

Brian Michalek: All right thanks so much.

Lee Neubecker: Take care.