Columbia’s pretty rad. We’ve got things going on and, better yet, things to do and take part in. Since my last two CBT articles...
As a business owner, you might lie awake at night worrying about many things. If one of these is liability related to the ways your employees may potentially use your company’s computers and computer-related technology, it’s time for a computer use policy and user agreement. And if it’s not worrying you, maybe it should be.
Why is this important?
The amount of illegal activities in which employees can engage has increased dramatically in recent years. Using their work computers, employees could send threatening or harassing emails to internal or external contacts, copy and distribute confidential information, gain unauthorized access to others’ computers or download and distribute illegal adult content. If you have an employee using a company-owned electronic device, you need to protect your business by creating and requiring employees to sign an electronic equipment policy statement. As a part of this, employees should be required to waive their right of privacy and allow you as the employer to monitor computer usage.
What’s your liability if you don’t have one in place?
It has become more common for companies to be held criminally responsible for the improprieties of their management and employees, especially when the company fails to establish and enforce related corporate policies. An employer’s failure to appropriately control Internet and email usage usually results in a legal finding against the employer. For instance, employers have a responsibility to prevent harassment in the workplace. Therefore, it is imperative for you as an employer to have the legal right to fully investigate an employee’s computer usage during his/her employment. A computer use policy and user agreement also allows you to properly defend yourself should you become a part of a lawsuit.
What to include?
The key to an effective technology-use policy for your organization is to start with the mission statement of the company. What is the objective of your company? In what ways should your employees be using technology to accomplish your mission? These questions will help lay the basis for what your employees can and cannot do with technology in your business.
Some key point to consider:
When technology is used properly, it can increase productivity; when technology is abused, productivity is greatly deteriorated. The essential purpose of an Internet-use policy is to minimize risk and encourage productive use of technology without excessively limiting its use.
Most policies will have some commonalities. For example, you most likely need to include that “Internet use is for business purposes only” and that “harassment is strictly prohibited.” You should also state that the company “has the right to openly monitor its employees’ Internet and email activities.” It should end with the provision that “the employee has read, understood and comprehends the policy and agrees to follow the instructions of the employer.”
Your policy should be in writing and distributed to each employee. Have the employee sign it, and place the signed copy in the employee’s file. Employees should have access to the policy for review at any time.
Once a policy has been created and adopted, a training session should occur to make employees aware of the policy and to set expectations. Then the policy must be enforced to remain effective. Prompt action must be taken in the event of any use outside the scope of the policy, as well as illegal or wrongful activity.
Now, you must have a way to monitor your employees’ Internet access. This can be accomplished by installing a quality firewall solution than incorporates Web content filtering. Once installed, have your IT department set policies to block any websites that fall outside of your defined parameters.