This is the final installment in a three-part series on agency cyber security and risk management. Check out our earlier articles on exposures associated with managing client social accounts, and customer databases and personally identifiable information.
Professional service agencies—big and small—are often privy to highly confidential client information. From mergers and acquisitions to new product or brand launches, agencies are almost entirely in the know.
With knowledge of sensitive information that is not only kept from the public, but also sometimes unknown to company employees, agencies bear equal responsibility for the risks associated with letting confidential information leak.
The financial and reputational ramifications of intellectual property loss can be huge, especially if it pertains to a product patent, financial transaction or secured trade secret.
To protect your agency from costly mishandling of confidential client information, risk management and mitigation are essential.
Legal Contracts and Nondisclosures:
To protect both parties, ensure all necessary and legally binding contracts are in place.
A legal contract between at least two parties that outlines the confidential material, knowledge, or information shared, and restricts third-party access to it, goes by many names:
- Non-disclosure agreement (NDA); either unilateral (one-sided) or mutual (both parties held to the contract)
- Confidentiality agreement (CA)
- Confidential disclosure agreement (CDA)
- Proprietary information agreement (PIA)
- Secrecy agreement (SA)
In any case, these agreements are a promise, a contract, not to disclose confidential and exclusive information. They are used in situations where two entities are considering doing business and need to understand the other’s processes for the purpose of evaluating a potential relationship.
Protecting trade secrets, in many ways, is different from protecting personally identifiable information (PII). See our earlier post, “Cyber Security for Professional Service Agencies: 5 Ways to Protect Clients’ Personally Identifiable Information,” for more information. Some controls for protecting PII, however, will overlap.
The same levels of IT protection taken to protect PII will also protect documentation or data that reflects clients’ trade secrets. The Information Systems Security Association (ISSA) elaborates on this concept in Cybersecurity Protects Your Company’s Valuable Trade Secrets:
“PII protection is highly compliance driven. In fact, many security programs are driven overall by PII compliance considerations. Not so for trade secret protection. Additionally, it is relatively easy to identify PII; think HIPAA or PCI, for example. Trade secrets may be in many different formats and stored as structured or unstructured data.”
Most trade secret theft involves people who are in the know, including employees, contractors, suppliers or third-party partners—e.g. PR, marketing and advertising agencies or law firms. Below are some mistakes your agency should actively work to avoid.
Agency employees expose their clients or become a liability by:
- Talking publicly with other employees or clients about confidential information.
- Not using proper discretion at a networking event, such as bragging. This is especially risky on social media, even if content is posted to private accounts.
- Forwarding emails.
- Alcohol usage can play a large part in the exposures listed above.
Pro Tip: Hiring team members who conduct themselves in a professional, loyal and discreet manner will help reduce the threat of a bragging fail.
The Gray Area
Failure to label or classify confidential information adequately and appropriately will put your company at risk. Classification using protected data discovery tools makes protecting PII more straightforward. Trade secrets and intellectual property, however, are more difficult to manage.
It is critical to train employees, especially your entry-level team members, to recognize trade secrets.
Pro Tip: Ensure digital content, including trade secrets, is adequately protected, whether on the Internet or an internal server. Ensure confidential content is given to agency employees on a need-to-know basis.
Get It in Writing
A handshake or verbal agreement will go a long way, but you’ll also want it in writing. Well-written and regularly updated non-disclosure agreements will protect your agency, as well as your client, in court.
Maintaining a concise, organized paper trail to back up promises around intellectual property and confidential information will keep your agency, and client, accountable.
Pro Tip: LegalZoom and other online resources can help agencies with smaller NDA needs. Always consult a legal professional to ensure your bases are properly covered.
For the ultimate overall safety of your agency and its clients, consider investing in intellectual property insurance where necessary. It typically protects parties from copyright, trademark or patent infringement claims arising from circumstances including those described above.
Trademark and intellectual property insurance can be obtained on a first- and third-party basis. Agency leaders can learn a lot about confidentiality best practices by applying for insurance; the application process requires them to question their business practices and reveal risks.
Brands and IP are the lifeblood of businesses, and serious consideration should be given to protecting these liabilities. Leaked secrets can mean severe ramifications for your agency and team, including client and reputation loss, as well as legal action. When it comes to trade secrets and intellectual property, your biggest asset is maintaining an agency-wide standard of accountability and trust.
Is your agency covered against intellectual property loss? Learn more about how to insure your professional services agency against cyber threats and liabilities.
Image credit: Dia Dalsky