14 Feb 2025
How to protect confidential business data and trade secrets online
Article

How to protect confidential business data and trade secrets online

14 Feb 2025
  • Poor management of business trade secrets and sensitive data can lead to potential financial, legal, and reputational risks.
  • Using online tools and AI to create digital assets can also present risks for businesses, including copyright and trademark uncertainties.
  • Implementing strong access controls, encryption, and governance policies are just some of the ways businesses can help protect their confidential information and digital assets online.

For businesses, protecting confidential information and trade secrets is essential to maintaining their competitive edge. Whether it’s source code, proprietary recipes, processes, or customer databases, protecting these assets is essential.

In the data-driven economy where sensitive information is often stored online, strong governance is key to keeping it secure. Without proper safeguards, businesses can face serious risks to their operations and reputation.

“Trade secrets and confidential information are among the most valuable assets for any business. As technology continues to evolve, taking proactive steps to identify and protect these assets is critical,” said Ben Richardson, Cyber Product Lead, QBE Australia.

Types of confidential business information

Confidential business information refers to a broad range of non-public assets that are often stored online. If these details are exposed, a business could face significant risks or even lose its competitive edge. Key types of confidential information may include:

 
Performance management icon

1. Business processes and strategies

This includes how a business operates, its priorities, and the steps it takes to achieve its goals. Examples of this could be a global brand’s upcoming marketing strategy or plans for market expansion.

 
Product design icon

2. Product designs and technical specifications

For product-based businesses, designs and technical specifications are the core of their unique value proposition. This might include designs, blueprints, recipes, code, or any other information that could allow a competitor to replicate your product.

 
Handshake icon

3. Contracts and partnership agreements

Agreements with clients and suppliers are confidential for a reason. If made public, competitors can use information about your terms, pricing, or conditions to undercut your business, or impact your relationships.

 
Cyber security icon

4. Customer and client data

Customer information, including personal details such as addresses, license details, and purchase histories, is essential for business operations. Sensitive data, such as payment or medical related details, are a prime target for cyber criminals.

 
Data reporting icon

5. Financial records

From balance sheets to revenue targets, businesses store a whole host of important and sensitive financial information online.

 
Data icon

6. Employee information

Employee details, pay information, performance reviews and other HR-related details need to be managed carefully to ensure compliance with privacy regulations and maintain employee confidentially.

 

“Many businesses don’t have full visibility into the data and information they store within their network environment, or externally within their digital supply chain. This is often due to multiple systems operating across different business units, each with distinct functions and varying dates of integration,” said Richardson.

“By undertaking an audit of where information is stored, you can begin to identify where weaknesses may lie in your overall network architecture.”
How to manage cyber security risks across digital supply chains

Risks of inadequate management of confidential information

Not managing confidential business information securely online can leave your business open to many potential risks, with recent high-profile cyber incidents highlighting just how damaging data breaches and other cyber threats can be. Some key risks include:

  • Damage to brand reputation: Customer trust can be lost in an instant if a business suffers a cyber breach.
  • Loss of revenue: If confidential information such as client details, pricing strategies, or product specifications fall into the hands of competitors, financial losses may follow.
  • Legal repercussions: The legal and regulatory repercussions of a cyber breach can be costly and long-lasting.
  • Cyber security threats: Poorly managed digital data increases the risk of cyber attacks, for example, trade secrets or customer data being held to ransom.

How to manage digital risks

It’s vital that businesses have the right risk management procedures in place to keep confidential information secure. Below are some key strategies to help safeguard your business.

  • Create an inventory of sensitive data: Conduct a data audit to identify and categorise your most important digital assets. Once these are secured, security protocols for other less-sensitive business information can then be established.
  • Implement role-based access control: Restrict access to sensitive data based on job roles. This can minimise the risk of insider threats as well the scope of impact should a threat actor access your network.
  • Enable multi-factor authentication (MFA): This should be an essential step when granting access to sensitive information to staff of contractors. Ensure MFA is enabled when people are accessing confidential information on your network.
  • Encrypt sensitive data: By encrypting sensitive emails, files and other stored information, you can reduce the likelihood of unauthorised access or data theft.
  • Conduct regular security audits: This can allow you to identify vulnerabilities in your business’s IT infrastructure and address weaknesses before they become an issue.
  • Monitor network traffic: A business can identify unusual patterns of access or data exfiltration by monitoring network traffic. For example, uncharacteristic employee access during the night.
  • Disable portable media devices: Portable media devices such as USBs make it easy for someone in the building to copy sensitive information. Eliminate this by disabling portable media devices from copying anything on the network.
  • Provide ongoing employee training: Many security breaches come from human error, so it’s important to have an employee training program in place to keep cyber security front of mind.
  • Back-up data regularly: As well as controlling access to your business’s confidential information, it’s also essential to regularly back up the information, ideally offline. Remember to verify that back-ups are successful, and data can be recovered as needed.
  • Implement a data destruction policy: Businesses should only keep information they actively need. A data destruction policy will help ensure you’re not holding onto information longer than required, and therefore increasing your risk unnecessarily.
  • Create an incident response plan: If and when an incident does occur, it’s important to know how you’re going to respond. An incident response plan (IRP) ensures processes and procedures are followed in the correct manner.
  • Consider cyber insurance: If all else fails, cyber insurance can help your businesses recover financially and operationally after a data breach or cyber attack.
Managing cyber security risks for Australian businesses

Case study: Tesla trade secrets stolen from server

In 2024, a former Tesla employee pleaded guilty in the US for conspiring to sell secrets he stole from Tesla related to battery assembly technology for electric vehicles.1 The technology enables Tesla to produce battery parts at 5-10 times faster than competitors, and between 2004-2017, Tesla had spent $13 million developing this technology.

Due to the information’s sensitivity, it was kept on one server, access to which was under the control of an in-house IT team and limited to a handful of people. One of those people took the confidential documents upon leaving the company and set up a new company offering similar battery assembly lines to Tesla’s competitors.

While the prevention of insider threats is a different challenge, this underlines the importance of access control and encryption – and the potential damage that can be caused if trade secrets are leaked.

Rear view of woman using a tablet device while seated during work presentation

Disposing of business equipment

Another risk comes when business hardware reaches end-of-life. While many organisations choose to donate old laptops to schools and charities, wiping them of sensitive data isn’t always done properly.

“Say a business hires a contractor to refurbish old corporate laptops to on-sell and dispose of their hard drives. But rather than disposing of the hard drives as instructed, the contractor simply deletes the data. This could leave the business at risk, as the receiving party may be able to restore and access their sensitive information if the contractor made an error or omission when wiping the drives,” said Richardson.

“This example really illustrates how important it is to have stringent governance around all aspects of your confidential business data and information, including contractor access controls and oversight.”

The risks involved in using online programs and AI to create digital assets

Over recent years we’ve seen many AI-led programs made available to businesses, to help with everything from creating brand assets to data analysis. As well as keeping your confidential brand assets and information safe and secure online, it’s also important to be aware of the potential risks that come with creating digital assets with online tools.

For example, if you create a logo in the design platform Canva using one of their templates, you cannot register it as a trademark. However, if you create an original logo from scratch in Canva, you can.2

There have been cases of AI platforms being accused of infringing copyright and trademarks when creating design assets, while the ownership of AI generated work is also a grey area at present.

In a developing space like AI, challenges will always emerge. If you’re using AI to interpret confidential data, it’s good practice to ensure the data is anonymised, ensuring it cannot be accessed or used further.

Strengthen your business against cyber risks with QBE

QBE’s cyber insurance policy, QCyberProtect, provides critical support during a cyber event and can help protect against the financial and reputational impacts arising from of digital threats. Talk to your broker today to learn how QBE can help safeguard your business.

1 Fortune, ‘A Canadian man stole trade secrets from Tesla and tried to sell them on YouTube’
2 Canva Help Centre ‘Trademarking logos created on Canva’. Accessed on 17 January 2025.

This content is brought to you by QBE Insurance (Australia) Limited (ABN 78 003 191 035, AFSL 239545) (QBE) as a convenience to readers and is not intended to constitute advice (professional or otherwise) or recommendations upon which a reader may rely. QBE makes no warranty or guarantee about the accuracy, completeness, or adequacy of the content. Readers relying on any content do so at their own risk. It is the responsibility of the reader to evaluate the quality and accuracy of the content. Reference in this content (if any) to any specific product, process, or service, and links from this content to third party websites, do not constitute or imply an endorsement or recommendation by QBE and shall not be used for advertising or service/product endorsement purposes.