TIRA 2015: Tech Industry Risk Assessment
Part 2: Seven Areas to Focus on for Better Security and Risk Management

6. Employee Education

We've been spending a lot of time discussing sole proprietors, but 36 percent of our customers have employees. Of them, though, only 38 percent have formalized, in-house training procedures. Again, maybe not surprising, given that most businesses we work with have ten or fewer employees. But remember what Robert Covington said: an "oral tradition" is a recipe for disaster when it comes to running a business.

Copyright Training & Education

That's especially true when it comes to something like copyright law, which is governed by external forces and enforced with serious fines. Despite that, there are significant gaps in training and education around copyright issues (see chart):

  • 62 percent of customers have a formal process to educate new employees about the importance of copyright law, including clear restrictions against using material developed for previous employers.
  • Fewer than half (44 percent) have any kind of procedure (written or otherwise) to prevent copyright infringement.
  • 29 percent of customers do not have employees formally assign intellectual property rights to the business for materials developed during their employment period.

If copyright seems like an oddly specific thing to train employees on, consider the potential ramifications of not developing and enforcing a system: in a best-case scenario, an employee might improperly use code that doesn't belong to them and have to pay a fine and redo the project. In a worst-case scenario, like one described to us by Robert Covington, an employee might leave your business and take critical product with them, with serious financial consequences.

In that situation, Covington said, the business in question actually had appropriate policies in place — but it did nothing to enforce those policies. To prevent something similar at your business, he recommends making sure your copyright education and training does three things:

  1. Meets industry best-practices standards.
  2. Includes regular training.
  3. Involves monitoring and enforcement.

Unfortunately, copyright training is a bit more complex than creating a client complaint resolution procedure. You can get started with the US Government's guide to works for hire and its detailed copyright definition.

Data Security Policies

Even if you're nailing it in the copyright education department, there are other things to consider when it comes to employee education. One of the most mission-critical is data security. While most of our customers are following best practices for data storage and security (see chart), it's still worth mentioning that you really can't assume what your team knows.

For example, Mitzi Hill told us about a small business that was responsible for storing certain customer data, including payment card information. The information was stored in a spreadsheet that was neither secured nor password-protected – and an employee accidentally emailed it outside the company. While that incident was an accident, the risk of compromising sensitive customer information could have been lowered significantly if the spreadsheet had been password-protected – i.e., if the company had had better data security practices.

Also, one side note about the numbers in this chart: Robert Covington responded with a slight laugh when he saw that 94 percent of our customers reported having a written network security policy in place. He described the number as "a surprisingly high percentage in my experience," and went on to explain that, while many small businesses have a policy in place, that policy might consist of little more than a few sentences or pages stuck in the back of an employee handbook and forgotten about. Unfortunately, that's not going to cut it.

The bottom line here is that you really can't over-communicate with your employees about matters that have security and liability implications for your business.


To-do item: Develop a plan for educating employees about copyright, fair use, and infringement; develop a plan for educating employees about data security. Enforce both.

Risks managed: Copyright infringement penalties, data breach and some professional liability risks


