Does Your Small Business Need Technology Policies?
by Margot Carmichael Lester, Staples® Contributing Writer
Many small businesses operate without technology policies. But that could put you and your company’s livelihood at risk. Take a look at what you need to include in an employee technology policy to safeguard yourself.
Personal Use
Is limited personal use of company computers and other devices allowed? “Some personal use should be tolerated, because it increases employee morale and productivity,” says Abbey Dieteman, cofounder of Dieteman Technology Consulting in Oneida, NY. “However, there should be a policy that technology use will be monitored and there is no reasonable expectation of privacy on company technology.”
Monitoring
Are there some sites you want to prohibit due to productivity, like popular social media, gaming or eCommerce sites? How much personal time is allowed? “We installed Internet monitoring software that documents how an individual spends time on the computer,” says Vincent Clarke, marketing manager with USB Memory Direct in Hollywood, FL. “We rely on the fact that telling employees they are being monitored will discourage most of them from being unproductive.”
Text Messaging
Is text messaging between colleagues allowed? “SMS and most consumer-based messaging apps send messages unencrypted over the Internet,” explains Jim Patterson, cofounder and CEO of workplace mobile messaging company CoTap in San Francisco. “This means that anyone able to access the network — for example, anyone sharing the Wi-Fi connection at a coffee shop or hotel — can potentially intercept and read the content. This is especially problematic for companies in certain regulated industries, such as healthcare or finance, where data leaks can result in large penalties and fines.” Consider requiring employees to use official company solutions designed for business use-cases and that have security and compliance protections.
Mobile Devices
Without question, every enterprise should have a strict policy banning the use of mobile phones while driving. “Likewise employees should be cautioned about using devices while operating dangerous equipment or in other dangerous situations that might require their full attention,” Patterson says.
Data
What information can employees access — and how — during and after their employment? How do you limit access to critical data? “Use common sense but consider worst-case scenarios,” advises Dmitry Davydov, CMO for Bitrix Inc., a company based in Alexandria, VA, that develops a productivity 2.0 suite for small businesses. “Don’t be paranoid — you don’t have to encrypt everything, but limit access to critical information. Make sure only the right employees have access to it and that your security standards are up to date.”
Downloads & Installs
Can employees download or install applications and programs on company devices? “You may want them to get approval before installing programs needed for their job,” Dieteman says. “And I recommend not allowing employees to download games, as there is a high rate of virus and malware in these types of programs.”
BYOD
Are employees (or interns and temps) required to bring their own devices to use at work? What if they engage in illegal activities while on your Wi-Fi connection? “In most cases, think about how to manage and provide people secure access to applications, data and files,” says Bernardo de Albergaria, vice president and general manager of SaaS products and markets at Citrix. Also include configuration and security of personally owned devices to “protect the organization against threats, data loss and noncompliant usage.”
The Bottom Line
“Small business owners, especially, tend to be hesitant about creating such technology policies because they don’t want to seem like they’re micromanaging employees or being distrustful,” Dieteman says. “As with any business policies, it’s extremely important to have one because your business could be at risk.”