The answers to these questions are complicated, but they are vital to your business’s success; even a small business can lose over a thousand dollars a minute when its systems are down. The $64,000 question is, how do you protect your business from the consequences of non-work related technology use? What steps do you take to guard against the results of your employees’ personal use of their work computers?
Develop Appropriate Technology Policies
Nobody likes being the heavy. As an employer, you should be able to expect professionalism out of your staff as the norm. However, technology, through the computer and the Internet, has muddied the waters considerably. Consider the following scenarios:
Alice, the front-desk receptionist, has considerable time when she’s not performing work-related activities; she uses this time to work on marketing materials for the amateur theater group she’s a part of. This includes printing brochures on the company’s color laser printer. Is this an appropriate use of your company’s resources?
Mike, the purchasing guy, is waiting for upgrades to the purchasing application to be completed. While he waits, he gets on his social media account, and posts pictures of his college fraternity’s reunion. Most of these are innocuous, but a couple of them are downright racy. Is this appropriate use of your computers, and should he be posting the not-innocuous pictures, regardless of whose machine he uses?
Mary, your marketing person, is searching the internet for images to use in your next marketing campaign. She stumbles across a porn site by accident, and immediately deletes the pictures, but another employee saw them first, and calls HR to initiate a hostile environment sexual harassment suit. What now?
These scenarios are all too common in the workplace today. You need to nip any potential problems in the bud by having technology policies covering as many potential scenarios as possible, and they need to have some teeth. Furthermore, you need to use those teeth if necessary. Every company is different, and will have different scenarios playing out in the day-to-day work place. Use judgment when developing your policies, and when you enforce them.
What Types of Policies Should You Develop?
There are six areas where you need to have policies in place:
1. Use of Technology
Policies for the use of company-owned computers, fax machines, internet, e-mail, voicemail, telephones, printers, and storage devices and media. These policies detail what is considered appropriate and inappropriate usage, and outlines the consequences of not following them.
Policies detailing password guidelines and use, access to the network, access to storage devices, use of virus protection, confidentiality of company processes and data, and the appropriate use of data. These policies should also consider the security of any data the company maintains.
3. Disaster Recovery
Develop plans for recovery from fire, flood, earthquake, and destruction of the building by natural or unnatural means, including but not limited to data recovery and data backup methods. Also include plans for recovery from a data breach, should one happen.
Standards for the type of hardware the company will use, and the software and systems the company will maintain. Also develop standards for the types of software to be prohibited, such as music sharing programs, inappropriate websites, and other software considered inappropriate for use at work or on work machines outside the office, such as company-owned laptops, tablets, or smart phones. Policies for usage of appropriately-licensed software are also needed.
5. Network Usage
Policies regarding network configuration, adding new employees, permission levels for employees, and access to storage devices and media.
Guidelines on how to address technology needs and problems; define the appropriate department(s) to contact for long-term technology planning, support for technical problems, maintenance, and installation of new hardware and software.
These are complicated issues, and no one expects you to be able to deal with them on your own. If you have no technical people at your company, find appropriate companies to outsource your technical needs, and if necessary, outsource the development of your policies as well. However, you will be responsible for these policies, so be sure you understand and agree with them before you implement them. Otherwise, you may find yourself deep in the land of unintended consequences, looking for a way out.