If your company laptop is lost or stolen, there is more at stake than just the cost of replacement. Confidential company files located on laptops and other mobile devices can be compromised if the files are not adequately protected. Technology and communication policies exist to protect companies from such losses. They also protect companies as well as employees from the negative effects of harassment. Employees who use company email to distribute jokes, files or links considered to be harassing or unethical can cause companies to lose stockholder trust, employee trust and market share. Effective policies inform and educate employees on the proper use of technology and communication tools in relation to legal, ethical and other risk factors.
Effective policies advise employees what to do to lessen all recognized risks. But simply writing a policy is not enough. Employees need to be made aware that the policy exists. They also need to be educated about the intent and content. Policies should be released along with training programs, and training should be updated periodically. New hires will typically be trained during an orientation or on-boarding process. All employees will be re-trained when policies are updated, or on a periodic basis.
When the policy content includes simple sentences and common words, the policy stands a better chance of reaching the majority of employees. This is especially true for multicultural workplaces where English might be a second language for some employees. A policy should also be designed to transition into the workplace with a usable set of best practices. Employees should be told specific actions to take or not to take. Providing examples in work instructions or training materials helps to clarify the circumstances associated with each action. There should be no room for interpretation.
Policies must be designed to address all employee situations, including those in virtual offices that separate them from their colleagues. All technology-based communications should comply with three primary security principles: confidentially, integrity and the availability of information. Each of these principles must be maintained whether an employee is communicating only within the corporate network, or is linking to the corporate network from a home-based or other Internet connection. All company data should be encrypted to further support its confidentiality and integrity.
Email and Instant Messaging
Policies specific to email should account for retention periods relating to organizational requirements, in support of litigation and compliance matters. Guidelines should describe acceptable file types for attachments, and identify when sensitive information should be transmitted using different communication channels to ensure privacy. Employees must be made to realize email and instant messaging are designed to promote business productivity, not to support social networking. To help employees recognize that communications made using company networks and technologies could be scrutinized, policy guidelines should address professional conduct, along with acceptable language and terminology.
- George Doyle/Stockbyte/Getty Images