Although the internet technically began in the 1970s, it didn’t reach the mainstream – as the world wide web – until the 1990s. It is amazing that, in just under 30 years, we’ve gone from sitting at our computers waiting for the dial-up beeps to go through to walking around with the world quite literally in our pockets on our smartphones.
There’s no denying the internet – and our increased access to it through phones, tablets and laptops – has transformed the way we do business. We can communicate more easily and meaningfully while doing business no matter the place or time with the ability to learn more, see more, and do more than ever before. However, there’s no denying that it does come with some drawbacks for both businesses and employees.
The presence of social media has opened businesses up to liability concerns related to the disclosure of confidential or proprietary information, whether intentional or unintentional. Further, it has created an unchecked forum for current and former employees to air grievances about the business, their boss, the company’s pay structure, or any other number of aspects of the company that human resources or the business owner would prefer not to have blasted into the public domain.
The Internet of Things (IoT) itself includes a dark side, where hackers and other nefarious folks become intent on stealing private and personal information on your business, your employees, or simply wreaking havoc on your products, systems, or software.
So how can you, as the human resources professional, balance the good with the bad for the good of the company when it comes to the internet and mobile? The first step: put it in writing within the company handbook.
Yes, it may seem a bit daft to put something in writing that deals with technology since the actual products and our capabilities with such products evolve so quickly. However, setting some standard, comprehensive, overarching principles that comply with legal requirements is imperative. Specifically, this policy should touch on:
- Acceptable use of technology policies clearly define what is considered acceptable use of your company’s computer systems, hardware, software, company-issued phones and other devices. Acceptable use of email and voicemail systems can also be covered under this section. This section should also include information on the consequences for breach of these rules.
- If you allow employees to take work laptops, cell phones or other devices home (or on the road), you will need a policy to cover their acceptable use. Many companies allow employees to use the equipment for select personal use – such as checking their personal email accounts – but may prohibit other actions, such as online shopping, downloading media, or other behaviors. One area most companies prohibit is using company equipment to perform work for a side gig. For example, if you have an employee that also runs a small baking business, make it clear that they cannot use the computer issued to them by your business for invoicing customers or other work essential to their side business.
- Employers should also use the handbook to outline confidentiality policies regarding how personal and private information should be protected. Further, the handbook should clearly outline what steps to take in the event of a security breach or disclosure. Similarly, employees should be made aware of when it is appropriate – and more importantly, inappropriate – to open work attachments on computers and what to do if they suspect that they are receiving phishing, spy or malware attachments.
- In line with equal employment opportunity policies that prohibit discrimination and harassment, your technology policy should also strictly prohibit the use of the internet and social media for harassment, discrimination and cyberbullying. Once again, consequences for such behaviors should also be outlined.
- Some employers may choose to monitor use of employee’s email, social media, and other activities on their workplace computers and phones. While it is technically legal, employers should tread carefully so as to not infringe of the privacy rights of employees. Companies should also be sure that their policies are in compliance with state and federal laws, such as the Computer Fraud and Access Act. Further, the company should state clearly that employees are under surveillance and outline expectations for technology use and monitoring for both parties.
- Should you hear of a common scam or be made aware of direct technology threats to your company, such as a phishing email, you should have a process in place for employees to report it and then quickly alert other employees to the issue and provide them instructions on what to do in the event of a perceived threat.
Beyond the trusty employee handbook, technology policies are an area where you’ll want to conduct frequent training and be sure to communicate with employees as technologies change or usage evolves.
A Professional Employer Organization (PEO) can help you develop mobile and internet guidelines for your business with expert guidance.