Your Best Worker Can Become Your Worst Nightmare

As one example, a former Morgan Stanley executive sold his BlackBerry on eBay, but neglected to erase the information on it. More than 200 internal company e-mails and a database of more than 1000 names, job titles, and contact information for the company's most senior-level executives were sold for $15 to a random stranger. The resulting nightmare ensued merely because the executive innocently believed that once he left his position, the information would somehow be erased from the device.

Beware!

The information age moves at warp speed. Gadgets that may be commonplace for a company's IT workers and younger employees may be confusing to more senior level management. It is critical that companies prepare employees to use personal devices, clearly outlining how these tools are to be used and the dangers inherent in their use. Technologies abound to help businesses protect themselves against the mishandling of information stored on personal devices ' whether that misuse is intentional or not. Portable devices can be password-protected. Critical company information can be made available on a need-to-know basis. Gadgets can be equipped with encryption software that renders them unreadable to anyone except their rightful owners. There are even methods by which a personal digital assistant can be remotely disabled if it goes missing. Every company owes itself and its clients a thoughtful risk analysis, taking these technologies and procedures into careful account.

Conclusion

Before handing an employee a personal device, or agreeing with an employee that he or she may use a personal device for work, a company should seek counsel to design and put into place a comprehensive, easy-to-understand, and frequently updated policy outlining how the device is to be used. These policies should include, at the very least, a definition of the information and software that may be loaded on the device, the required security configuration for the device, procedures if the device is lost or stolen, and procedures to follow on an employee's termination, such as requiring that an employee submit a device for inspection, allowing the employer to erase any proprietary information stored on it. The critical lesson learned from the example above is that the onus is on the company to protect its own assets. Don't let your company be brought to its knees by a misplaced BlackBerry.

David C. Henderson is a partner in the Litigation Department of Boston's Nutter McClennen & Fish, LLP. Matthew E. Feiner is an associate in the Labor, Employment and Benefits group.

Although difficult to imagine, your best worker may hold the key to your company's worst security nightmare. Technologically armed employees who routinely use BlackBerry devices, personal digital assistants, laptops, and tiny flash drives to transport critical information to and from the office can wreak havoc on a corporation ' with no intention to do so.

A frequently overlooked and, therefore, extremely dangerous employee is the one who has access to critical information and then innocently misplaces, misuses, or disposes of a gadget with that data on it. In this era of increased use of technological devices by employees, savvy employers should take immediate steps to safeguard their organizations by preparing employees to use these tools, protecting their information, and implementing thoughtful policies around the use of portable information devices. Employees entrusted with access to confidential information are often insufficiently prepared to manage the technologies they use properly.

Case in Point

As one example, a former Morgan Stanley executive sold his BlackBerry on eBay, but neglected to erase the information on it. More than 200 internal company e-mails and a database of more than 1000 names, job titles, and contact information for the company's most senior-level executives were sold for $15 to a random stranger. The resulting nightmare ensued merely because the executive innocently believed that once he left his position, the information would somehow be erased from the device.

Beware!

The information age moves at warp speed. Gadgets that may be commonplace for a company's IT workers and younger employees may be confusing to more senior level management. It is critical that companies prepare employees to use personal devices, clearly outlining how these tools are to be used and the dangers inherent in their use. Technologies abound to help businesses protect themselves against the mishandling of information stored on personal devices ' whether that misuse is intentional or not. Portable devices can be password-protected. Critical company information can be made available on a need-to-know basis. Gadgets can be equipped with encryption software that renders them unreadable to anyone except their rightful owners. There are even methods by which a personal digital assistant can be remotely disabled if it goes missing. Every company owes itself and its clients a thoughtful risk analysis, taking these technologies and procedures into careful account.

Conclusion

Before handing an employee a personal device, or agreeing with an employee that he or she may use a personal device for work, a company should seek counsel to design and put into place a comprehensive, easy-to-understand, and frequently updated policy outlining how the device is to be used. These policies should include, at the very least, a definition of the information and software that may be loaded on the device, the required security configuration for the device, procedures if the device is lost or stolen, and procedures to follow on an employee's termination, such as requiring that an employee submit a device for inspection, allowing the employer to erase any proprietary information stored on it. The critical lesson learned from the example above is that the onus is on the company to protect its own assets. Don't let your company be brought to its knees by a misplaced BlackBerry.

David C. Henderson is a partner in the Litigation Department of Boston's Nutter McClennen & Fish, LLP. Matthew E. Feiner is an associate in the Labor, Employment and Benefits group.