Posted by: David Scott
Small-to-Medium Business (SMB) environments, and in many cases large enterprise environments, face a burgeoning challenge: how to train, monitor, discipline and, in some cases, make allowance for employees’ use of non-work applications.
First, the plethora of temptations: Gmail (and other free-mail); Facebook (and other social networking sites); instant chat agents/direct messaging; Dropbox and other fileshares; 3G cards, Flickr, Skype, Youtube, comment areas, unauthorized websites, smartphones, and on and on…
While these and other elements can have some measure of sanction in some organizations, there is also a “Wild West” situation in others, whereby unregulated use leads to unbridled time-wasting, and the opening of avenues of risk.
In fact, some employees labor to skirt all manner of domain policies, inhibit anti-virus/malware controls, and flout Acceptable Use policies where utilized.
As far as avenues of risk and temptation: It’s only going to get worse, with ever-more extraneous endeavors available, and plenty of employees will inhabit non-productive, risky activities.
It’s important to set expectations right up front. Policies for security and the acceptable use of systems should be published quarterly, and again upon significant update. All new employees must be apprised of the organization’s position regarding non-work applications and areas.
In many cases, there will be outright bars to use of social networking or random surfing. However, in many cases there will be official work accounts for Facebook, as an example. Here, it’s important to state whether there is allowance as well for personal Facebook time. Be aware that employees have been documented as forgetting which social networking account they’re inhabiting, and have made inappropriate communications/postings, whether work or personal statements, to the wrong account.
No matter your organization’s mission, size, or tolerance of various non-work items: State a policy for all areas of concern. Educate employees so they know what they may and may not do. Discipline those who break rules.
Don’t wait for the inadvertent, or even deliberate, exposure of sensitive company assets to the wrong forum. Don’t wait for a debilitating decline in productivity. Make certain that HR and IT address the “do”s and “don’t”s in your regular staff meetings, and that those departments are current and questing in the case of managing non-work apps and enablements. Maintain policies with a forward eye.
JOTD: Two horses and a dog are in a barn. The older horse says to the younger horse, “Hey, tomorrow is my last race, and if I win, my owners are likely to put me to pasture and I’ll enjoy my last days in the sun. However, if I lose, they may be unhappy enough to send me to the glue factory. I think I can best all the other horses with the exception of you. Will you let me win tomorrow? It’s only one race, after all…”.
The younger horse thinks for a moment, and says, “Well, I don’t know. I’ve won all my races thus far, and I have an unblemished record. I don’t want to ruin that – plus, if I lose the race to an older horse like you, I may never recover my reputation. No, I don’t think I can do it.”
Just then the dog, who has been listening in, speaks up and says to the younger horse, “Listen to yourself! Your friend has asked you for one simple favor: To lose to him tomorrow, in order to possibly save his life. You only have to come in second for one race; you can still beat all the other horses. How about it?”
The younger horse turns to the older horse and says, “Hey, look at that… a talking dog!”