Data on the Wild: Protecting Intellectual Property on Remote Workers

What’s on a remote worker’s company-owned device? Everything. From the marketing department’s next quarter program, to the sales team’s target accounts.

A 2017 report from Global Workplace Analytics and FlexJobs finds 3.9 million U.S. employees, or 2.9 percent of the total U.S. workforce, work from home at least half of the time, up from 1.8 million in 2005 (a 115 percent increase since 2005).

As more and more American companies, startups, and individuals worldwide, promote remote work as a flexible alternative for their day-to-day tasks, they’ve turned to rely on mobile devices as lifelines to their home offices and the rest of their workforce.

In this effort to increase effectiveness, employers issue each new hire his or her own laptop and/or cell phone, which the IT department is tasked with tracking and maintaining.

Now what’s on these company-owned devices? Everything. From the marketing department’s next quarter program, to the sales team’s target accounts, to the company’s most valuable asset — a list and contact information for current customers.

The Loose (Data) Ends Threat

Increasingly, companies are establishing guidelines for the mobile workforce. Not only do they outline how an individual is expected to behave as a representative, but they also detail what happens when these individual and the company part ways.

For the most part, people who leave for a better job with another company or those who simply retire part on good terms. All hassle is avoided, they turn in their mobile devices, all data is safe, and they move on.

However, an employee termination can be an entirely different story.

Avoiding a Termination Horror Story

Employees who are let go for cause can be angry, resentful, and feel that they have a score to settle with the organization and the people who have separated them from their paycheck.

If the former employee is angry enough, he/she may not be really motivated to return their company laptop. Even worse, they could have some malicious plan, like using any confidential material on the device to get a new job, or to strike out on their own.

This sort of situations can be extremely harmful to the organization’s business and, due to the usual lack of regulations, it could escalate quickly to major intellectual property losses. Not only did the company lose a laptop, but they also may have serious concerns about the information of those laptops falling into the wrong hands. After all, who wants a competitor combing through their customer files?

Adding a Layer of Security to Data on the Wild

Before company-issued laptops, protecting a company’s intellectual property was the responsibility of the legal department … or maybe the joint domain of human resources and legal. Today, all that’s changed. The IT department has a big role to play in making sure company information does not fall into the wrong hands while it’s out in the jungle, far from the company’s internal protection.

Ideally, the HR and legal departments have created severance policies that protect both a company’s mobile devices and the intellectual property on them. This policy will explicitly explain what happens to a company’s property both hardware, software and content – when an individual is employed and when they are terminated. If an employee works in house on a company computer, this is easy enough to do. IT simply cuts off the employee’s computer access.

However, when a remote employee is terminated, their mobile device will still be in their possession. It’s up to the home IT department to incentivize the terminated employee to return the device, for example with a specific contractual bond and dissuasion tactics through a security software.

We have countless examples of this from Prey Business users, like one of our classic and most sensible user-stories, in which a known and respected medical employee took home a device with patient data information subject to HIPAA protections, plus financial data, to work during a holiday weekend.

What happened next? The worker faked his own death in an accident and proceeded to hide in Arizona’s desert in a stolen RV, away from his family, with $8,000 in cash, PLUS the company’s laptop with all sensible information in it. This was discovered by an MSP’s employee, in charge of monitoring these devices and ensuring the data’s security, when he retrieved webcam pictures and locations using Prey’s evidence reports and took them to the police.

It goes without saying that the former employee was arrested, and the laptop recovered. In this case, Prey enabled the IT team to connect and locate the device; however in other instances, users prefer to use our Remote File Retrieval and Wipe Tool to secure the data and erase it from the rogue device altogether.

Dissuasion: The Key for a Double Recovery

Once a terminated employee finds he/she can no longer use the mobile device, they have a much bigger incentive to return it to their former employer, which would result in a double-recovery: data and device.

If they do not return it, at the very least, any sensitive information can be retrieved or removed if prevention measures were taken, thus protecting the company’s intellectual property.

We recently spoke to Ashville, NC-based Domco, a subsidiary of Novacor Consulting Group, which, as Novacor’s IT support group, tracks a mobile workforce and its devices as it moves across the Southeast United States.

Domco originally deployed Prey’s Anti-Theft and management solutions to prevent the loss or theft of these devices, and it has been very helpful on that front.  However, what Domco particularly values about Prey is its ability to protect the company’s intellectual property, due to prior inconveniences with workers who wiped company data.

Read their study case: Protecting Company IP with Prey: Domco Technology 

Nicolas Poggi

Nicolas Poggi

Nicolas Poggi is a technology and contemporary culture journalist and author with +5 years of experience in multimedia journalism. He was head of indie coverage at TheGameFanatics, host and interviewer at IndieAir, and currently develops his career as a creative writer at Prey, where he curates the brand's voice and covers the ITSec scene.