Every new device or piece of software seems to be a double-edged sword. Employees can now bring a tablet to work that in some cases is more powerful than a desktop computer was 10 years ago. They can take it to a coffee shop, use it on the train while commuting, and work from home. That’s great progress. Such flexible working can be a tremendous efficiency gain. However, your employees can accidentally leave the same tablet in all those places or have it stolen too. Hours might go by without anyone noticing whereas a stolen desktop computer leaves a very big and very obvious gap behind it.
What about social media too? Your employees will no doubt spend some of their day checking Facebook, either on their lunch hour or logging in and out here and there just as they would nip in and out of the kitchen to make a cup of tea. One more disruption to the working day, some might say. Although, for some businesses social media is a new and rewarding way to do business, enabling them to engage with customers and provide an extra level or dimension of service.
Things were simpler when Twitter did not exist, when laptops were as heavy as a brick and came with very short battery life limiting how far they could be taken and used. Hacking is also a more widely known and experienced phenomenon and with it comes the threat to your data security: before the Internet, someone had to actually break into your office and use a crowbar on your filing cabinet if he or she wanted to steal your data. Not now. A teenager on the other side of the world can hack into your website and steal information without even knowing the location of your office.
Put simply: your business has IT hardware and software that is in some cases unrecognizable even from just the last year, let alone the last ten. Your employees can now do all manner of things with that tech, which simply weren’t possible before – as can the hackers, of course. With all these technological opportunities afoot it is now more essential than ever to clarify to your employees what your company’s position entails. This includes general etiquette, the more formal rules, and the wider consequences surrounding the use of any new technology, brought in by you or otherwise.
If your business doesn’t offer guidance, training or a clear policy to your staff, then your business may not be in a position to govern with confidence or security. If your HR team doesn’t keep abreast of the changes in technology, and what it means to the business and its employees on a personal and professional level, then that can leave them – and management – without direction and assurance. In such cases, employees may end up deciding for themselves how to use a new piece of technology, and if that happens, all manner of conflicts can arise if something serious occurs further down the line.
Let’s imagine for a moment your business buys in a couple of tablets and gives them out without any guidance about how they should be used or used in reference to company policy. But then one of them is stolen from a coffee shop. A couple of concerns will instantly spring to mind: What data was on it? Was it password protected? Can the thief get to the data? If the thief cracks the password, could he or she get access to the company’s server in the office? What other data or systems are at risk? Can you and should you wipe or disable the device remotely?
Personal vs. Corporate
As a business owner you might reasonably think it is entirely up to you to decide. But think carefully before you take any action. If there wasn’t clear guidance given out along with the device, an employee may reasonably feel that he or she too has a right to decide the next step especially if there is any personal data stored on it. As Russell Whitlock, director of Hixon Russell HR Consultancy, explains:
If there is a clear HR policy in place, and the employee has read, understood and signed up to it then the employer does have an underlying right to decide whether or not to, for example, remote wipe a device. But this right hasn’t really been tested through the courts yet. It’s still new ground and we need more test cases to help establish a firm precedent on which to base future judgments.
So it seems that the wisest choice a small business can take is to tread carefully. Legal ownership may grant the right to decide what action to take about a stolen device—as long as a policy is in place and agreed to—but there are still legal and HR uncertainties surrounding how such a right would be viewed if the device is owned by an employee and contains personal data.
Either way, if you don’t think about these scenarios upfront and clarify and communicate your approach to them, you could potentially be exposing yourself to a future HR nightmare. If you set a precedent of “wait and see” or “we’ll cross that bridge when we come it” you will perhaps set in motion a precedent that may be very hard operationally to retreat from or might even diminish your legal position.
Far better to have a clear policy on these things if you can before you even buy a new piece of technology. Preparing for technological change will help handle the transition, and offering such clarity will instill confidence throughout your business from the onset and in doing so help to allay confusion and diminish the chances of conflict and nightmares. But how do you do this and where do you draw the HR line? Is it even possible any longer to draw a line? Yes, it is. The following steps will help you keep up with the pace of change and how to manage things from an HR perspective:
Six Simple Steps
1. Understand the latest issue or technological change and how it applies to your business and employees.
2. Consult an IT expert and an HR expert if you’re not sure what the implications are.
3. Discuss the situation with your employees; ask them for their input.
4. Decide your final position at management level.
5. Document it and communicate it using an information security policy, a digital policy and a social media policy. Or roll them all together if you think that’s more appropriate than having three separate documents.
6. Educate your team, monitor the situation and update your approach to suit.