Insider trading used to happen on Wall Street, where deal-makers and analysts routinely handle company secrets and the temptation to cash in can be great, or in corporate C-suites, where advance word of a company’s plans or problems could be leaked to family or friends. But recent Securities and Exchange Commission enforcement actions and Justice Department prosecutions show there’s also money to be made trading on the kind of information that mid-level employees at nonfinancial firms have about the operations of their companies.

The latest enforcement actions also show that if companies don’t do something about it, things could get sticky. And it’s not just a matter of negative publicity. An SEC enforcement action against a wayward employee can not only hit a company with costly and embarrassing sanctions as a vicarious offender, it also poses the risk of criminal liability.

Take the charges the U.S. Attorney’s Office for the Southern District of New York announced in December related to Primary Global Research, an expert network firm. One of its employees has pleaded guilty and another has been charged, but the government also filed charges against public company employees who consulted for the firm, including a supply chain manager at Advanced Micro Devices, a senior director of business development at Flextronics, an account manager at Taiwan Semiconductor, and a former supply chain manager at Dell.

Efforts to reach Primary Global Research for comment were unsuccessful. The DOJ declined to comment.

The information possessed by supply chain managers, sales executives and other mid-level employees may not seem like the stuff that moves markets, but the definition of inside information has expanded in recent years. So what should public companies be doing to reduce the risk that employees will leak inside information?

To insulate themselves from secondary liability in insider trading, companies need to have “policies that tell employees in no uncertain terms that, ‘You cannot leak’ insider information,” says Stephen Bainbridge, a law professor at UCLA who worked as a defense attorney in SEC enforcement proceedings before entering academia.

“That is not enough, though. You have to back those policies with active training programs as well as whistle-blowing systems, so if employees know of someone leaking information, they will be encouraged to report it,” Bainbridge adds. If companies have such systems in place and are diligent about applying them, “they’re protected from secondary liability,” he says.

Avoiding liability is only part of the challenge. Even if they’re not liable, companies don’t want the reputational risk that comes with insider charges. Jimmy Fokas, a partner at law firm Baker Hostetler, adds, “The leaking of insider information means competitors get your trade secrets.”

Big Lots, a Columbus, Ohio-based discount retailer, for instance, filed a lawsuit in November against a Tampa-based research firm, Retail Intelligence Group, alleging the firm, which markets information to stock pickers, “wrongfully induced” Big Lots employees to provide company trade secrets.

Derek Noce, Retail Intelligence’s director and senior analyst, says he “cannot comment at this time” on the lawsuit.

“Because of these latest cases, a lot of nonfinancial companies are starting to wake up to the fact that there is a need to bulk up their compliance and training programs,” says Fokas, who was a senior counsel with SEC’s enforcement division prior to joining Baker Hostetler. “The more robust a program, the better a company can successfully argue to regulators and the DOJ that they’ve done all they can” to prevent leaks of insider information by employees.

“The enforcement actions by the SEC, and especially the DOJ prosecutions, are a wake-up call,” says UCLA’s Bainbridge. “From what I’m hearing, there is an enormous amount of activity now, with law firms meeting with their corporate clients and drawing up policies and programs. I think we’re going to see everyone starting to do what banks and Wall Street firms have been doing for years to prevent and educate employees about insider trading.”

While obvious steps are important, like limiting access to insider information and destroying copies of documents that are not needed, Fokas says, “It comes down to education, primarily. Most people who engage in insider trading think they’re not going to get caught. It’s not true, but people need to learn about the risks.”

Lynn Stout, a law professor at UCLA who specializes in securities law, argues that while there’s nothing wrong with monitoring employees, it’s very expensive. Companies hoping to prevent leaking of insider information would do better to focus on developing an ethical culture among employees, instead of sanctions and enforcement, Stout says.

“You can’t afford to hire detectives to follow your employees all the time, or to monitor all their e-mail correspondence and phone calls,” she says. “Besides, all they have to do is wait until they go home and use their own phone or computer.”

Insider trading is so easy, and the profits to be had so great, that the better tactic is “to make sure your employees want to act ethically on their own,” says Stout, who just published a new book, Cultivating Conscience: How Good Laws Make Good People.

“There is some 50 years of empirical data that show if people are given the right cues, they will behave ethically,” she adds.

The tone at the top is critical, and it’s important employees feel that everyone around them is following the rules, Stout says. “If you find any employee who is violating the rules, you have to crack down hard–and publicly.”

The second thing is to make employees understand why leaking or misusing inside information is harmful to the company. “People are more likely to obey the rules if they understand the reason for the rule, and why it’s good for the company,” Stout says.

If that’s wrong, interesting times are ahead. Like crackdowns on drugs, stepped-up enforcement of insider trading laws is likely to raise the offering price for good inside information, increasing the temptation to provide it.

“Can this be controlled?” asks Bainbridge. “I doubt it. We’ve had a problem with insider trading for 50 years. Information is the mother’s milk of the stock market and as long as people are willing to pay for it, the only question is what the price will be. All large-scale enforcement can do is tamp it down.”

For a look at managing the risks involved in new technologies like Facebook and Twitter, see Herding Social Media.