The recent hacking attack against the Houston Astros is a wake-up call for all employers: no organization is safe from its adversaries’ attempts to steal proprietary information to gain a leg up in the competition. The infiltration of the Houston Astros’ network reportedly was carried out by employees of the Cardinals – an Astros’ arch rival. The compromised database contained highly proprietary information, including scouting reports, player statistics, and internal trade strategy – considered the "crown jewels" for any major league baseball team. While the FBI and Justice Department investigations are still ongoing, it appears the perpetrators accessed the Astros’ network using a "master password list" maintained by Astros’ General Manager, Jeff Luhnow – who had used the same list when working in a prior role as an executive for the Cardinals. These events underscore for all companies the critical importance of safeguarding your proprietary information.
Here are a few basic steps with broad applicability that should help employers of all types:
- Limit access to confidential information to only those employees who need the information to perform their job duties.
- Implement written policies that clearly define what you deem to be confidential information, and then communicate clearly to all employees that they may not:
- use that information for any purpose other than fulfilling their job responsibilities; or
- disclose such information to any other person or entity (excepting the government), without the company’s prior written permission.
- Consider having key employees sign non-compete/non-solicitation agreements that prevent them from leaving you to go work in a similar role for a competitor, or from contacting your customers or using any confidential information they obtained about you or your customers after they leave.
- Password protect all computers and computer systems, implement a written policy requiring that employees change their passwords frequently, and enforce that policy.
And finally – a lesson straight from the Astros/Cardinals incident – do not allow your employees to use the same passwords they used at prior employers. Competitor companies are likely to keep records of former employees’ passwords, and would-be hackers are likely to try these passwords first if intent on breaking into your internal systems to take confidential information.