Protecting Account Access from the Disgruntled and Disloyal


Category: Employment Law | Intellectual Property Law

In the digital age, employers must take various precautionary measures to ensure that trade secrets and other confidential information is not misappropriated by their current and former employees. Below is a list of steps employers can take to prevent improper access to valuable company information:

  • Constantly update the network credentials of current employees

Several recent cases have demonstrated that ex-employees can and do use their former colleagues’ account credentials to gain network access. To prevent this, current employees should change their passwords on a regular basis, and they should be instructed to never provide others with their passwords—this can in fact amount to aiding and abetting criminal conduct.

  • Ensure that current employees create unique passwords; use two-factor authentication

All too often, employees create simplistic passwords that can be easily guessed by others, especially those who know them well. Employees should be instructed to create unique passwords that differ from those used for other accounts. To assure a higher level of security, employers should implement a two-factor authentication process, which requires unique secondary identification (a passcode that has been texted to the employee, for example) each time the account is accessed.

  • Cut off ex-employees’ remote and cloud access capabilities

Immediately upon termination, employees should lose remote network access, as well as the ability to access companies’ cloud-based accounts such as Dropbox or Google Drive. Several cases have involved ex-employees who maintained remote access after they were fired and used this access in a way that damaged their former companies.

  • Collect all authentication and storage devices

Ex-employees often still maintain their access cards or digital storage that contains company information, such as USBs. These physical devices should be taken from employees at the time of termination.

  • Limit and monitor employee access to sensitive information

Current employees should only be able to access company material that is necessary to do their jobs. Employee access to privileged information should also be monitored, so it is readily apparent when a former employee’s access credentials are used, or when a current employee’s credentials are used in a suspicious or unlawful way.

  • Instruct employees about proper network behavior and the consequences of unlawful access

Employees should be trained that the fact that they can access a network or cloud-based account does not always mean that they should. The clearly applies when an employee has been terminated, but it also applies to current employees whose access to certain information should remain limited. Employees should be warned about what can happen to employees who unlawfully access confidential information: criminal convictions and prison sentences. Former employees have been sentenced for up to three years in prison for wrongfully using network access information.

 

To learn how Castaybert PLLC can assist with matters of employment law, please click here.

To learn how Castaybert PLLC can assist with trade secrets, please click here.

Print This Post
Share Button
contact