Noncompete agreements are going away.
President Biden signed an executive order on July 9 encouraging the Federal Trade Commission (FTC) to ban or limit noncompete agreements. Lina Khan, the new FTC chairwoman, has criticized noncompetes as reducing competition, thus hurting consumers, and is likely to eliminate them.
Even without noncompetes, however, MSPs have several ways to protect proprietary information and investments in employee training and certifications.
In fact, these options may have more teeth than noncompetes, which I never relied on when I was an MSP. My lawyer had advised me that right-to-work laws and a person’s right to earn a living almost always beat an employer’s claim that the worker had signed a noncompete agreement.
Protecting Proprietary Information
Stealing company data is a crime, but it happens all the time. A survey from Biscom showed that 87% of employees took company data with them when they left their job. Many said they thought were entitled to it because they had created the data for their employer. Yet, according to The National Law Journal, the Economic Espionage Act (EEA) gives business owners “the right to sue in federal court under the EEA for not only the theft of trade secrets data, but also their use.”
To help avoid the need to go to court, however, there are several things you can do to protect your business from employee data theft.
1. Educate clients and employees about insider data theft, which is a crime that can result in large civil financial penalties. The more you talk about it with your clients, the more the message will also be heard by your staff. If you work with defense contractors, moreover, they are required to provide insider threat training to their workforce.
2. Have your employees, including senior managers and long-term staff, sign acceptable use policies, nondisclosure agreements, and confidentiality agreements. These agreements may continue to protect you and provide financial penalties for violations.
Always have your agreements prepared by an attorney who is familiar with your industry, your state laws, and your company. Don’t make the mistake of downloading an agreement from the web or copying a buddy’s document. (I’ve seen copied agreements from businesses in New York saying they were based on the laws of Florida.)
3. Limit access to critical data. Secure databases, network shares, and cloud services from employees, limiting access to just information they need for their jobs. The less they can get to, the less they can steal. Block exporting data and documents to portable media. Employ data leak prevention software on your own network, which as an MSP you can probably get at low cost or for free as a not-for-resale version.
4. Monitor employee activity. When I was an MSP, we used a monitoring tool to record every keystroke our employees typed into their systems. We warned everyone and made it clear there was no expectation of privacy when using company devices. It was amazing to catch employees doing bad things even though they knew they were being watched.
Don’t think that your most senior and trusted managers are exempt. We had the founder of an engineering firm, one of our managed services clients, come to us in tears, saying he had been tipped off that his company president, VP of business development, and chief financial officer were all stealing company data because they were going to start a competing business. We secretly installed monitoring software on their systems. Soon, the owner had documented evidence—that stood up in court—that his trusted team of senior executives had stolen proprietary data.