Set expectations on electronic communications
News headlines have been dominated in recent weeks by the ongoing saga related to Sony Pictures Entertainment's controversial film "The Interview." It is alleged that North Korea led a cyber attack on Sony's computer servers as a response to their plan to release the film whose plot involves the assassination of leader Kim Jon-un.
For several days, a group calling itself the "Guardians of Peace" released a series of confidential and often embarrassing data leaks from the company, including Sony employee salary details and Social Insurance Numbers. They also released the content of internal emails that severely damaged the reputations of those involved, including a thread that contained racist jokes directed at President Barack Obama.
After things escalated beyond data hacks to the threat of violent attacks if the film debuted as planned, Sony first decided to delay the release of the film. After Sony received criticism from numerous sources, including President Obama, they decided to release it in any theatres willing to show it as well as on-line. Read more (Source: Business Insider).
The idea of an external person breaching your company's internal data and sharing confidential information with the world should send a chill down the back of every HR professional and business owner.
Many business owners might be wondering if their data can ever be truly safe. While there are cases for and against storing your data in "the cloud," ultimately each business must decide for themselves if they want to take the plunge. Services like DropBox, Google Apps for Business and Microsoft’s SkyDrive and Office 365 make moving to the cloud seem relatively easy and pain free.
But what can you, as the HR professional in your organization, do? There are several steps you can take. While you may not have any control over your company’s data after it is sent to the cloud, you are able control how data is handled within your company.
As a way to try to avoid the embarrassing release of emails or texts that contain content that you would not want published in the press, develop an appropriate use of email communications policy and ensure that you entire workforce (including senior executives) follow it.
Some elements that policy should contain include:
Bring your own device policy
Another focus should be a Bring Your Own Device (BYOD) policy. With smart phones becoming nearly ubiquitous, many companies are allowing their employees to use their own devices, rather than provide them through the company. The trade off is a reduction in equipment cost, but a potentially higher risk of data vulnerability/loss. A BYOD policy means you can set out the terms of employees having access to company data through their personal equipment. This policy can also be applied to employee laptops, for those employees that use their own laptop or work remotely on occasion.
A policy that outlines access to data should also be developed. With many cloud storage solutions, there is often a desktop version available. This allows the documents to be stored on each employee’s computer which, while convenient, can lead to disaster if an employee decides to leave and has a copy of your most valuable data on their hard drive. You must decide if the convenience is worth the potential loss of security, or if you want to insist your data is to remain in the cloud only.
How will the data be accessed?
Another item in your arsenal should be to include a definitive procedure to follow when an employee leaves your organization. This could be a checklist that runs through all the steps that must be taken when an employee moves on, regardless of the circumstances. Forgetting a simple thing like having keys returned means your office could be vulnerable.
Things on your list should include: removing the employee’s passwords, alarm codes (if applicable) ensuring the return of any company property –i.e. keys, laptops, etc.
A good time to review these steps would be when you first hire an employee. While it may be a bit awkward during hiring process to review the policies and procedures regarding an employee that is leaving the organization, this helps ensure that the employee understands and agrees to the terms of employment.
Need helping developing policies? Let the team at Clear Path put their expertise to work for you.
We'd love to connect with you!
Clear Path Employer Services
295 Thompson Drive, Unit 2
Cambridge, Ontario N1T 2B9
T: (519) 624-0800
T: (888) 336-0950
F: (519) 624-0860
Website created by:
Hear More About Us:
Spread the Word: