Many of us may find it difficult to remember a time when conducting our work duties did not involve extensive use of email communications and the internet. Internet use has rapidly changed as interactive social media, such as Facebook, LinkedIn, and Twitter came to be. When employees engage in an internet social network, the line between workplace and personal conduct can be easily blurred.
Organisations recognise the need to embrace new and emerging technologies in conducting their business and fulfilling its objectives. Electronic communications utilising these technologies open up opportunities for sharing information and provides new and innovative ways to conduct business. However, it also brings with it an obligation to manage the risks associated with the use of these technologies. Regulating the use of electronic communications including the internet, email, social media, and telephones are necessary to provide all employees with a safe working environment and protect your customers and your business from commercial harm.
Key Legislation Relating to Electronic and Online Communications
There are three key pieces of Australian Legislation that control and regulate the way in which businesses and individuals behave online. Whether you’re conducting an online promotion, sending a newsletter, or simply posting onto Social Media, these laws must pay a part in how your business operates electronically.
These pieces of legislation all play an important role in protecting businesses, their staff, and the consumer. Understanding the key elements of each and ensuring your staff as trained on how it applies to them and their roles will minimise the risk to your business when engaging online.
Taking the key legislation and key learnings from each, your business then needs to create and implement policy and best business practices when engaging electronically. An Electronic Communication and Social Media Policy is fundamental to sound risk management. The policy should apply to all users of our business’s technology, equipment, and services.
An effective Electronic Communications Policy should include:
When you implement policies, you can download a customisable Electronic Communications and Social Media Policy at the end of this post.
Your Right to Monitor
Email and Internet systems will always be the property of your organisation. For example, you can access the Internet, an Intranet or electronic mail services through facilities provided by your business. In doing so, your staff should acknowledge via your policy that your organisation may from time-to-time monitor, log, and gather statistics on employee’s internet activity. Additionally, they may examine all individual connections and communications. This type of monitor procedure can be done by your business itself or through its Internet Service Provider.
Your network infrastructure consists of the hardware and software resources of an entire network. It enables network connectivity, communication, operations, and management of an enterprise network. Securing it is the first step to minimise both internal and external electronic breaches. Your business will need to implement a Security Awareness Program to reduce the overall risk to your business. This works on three levels:
1 – The first line of defence in any security stance is your controls: “How we enforce security ‘best practices’ and prevent successful compromise”
2 – The second line of defence is detection: “How we can catch attacks or attempted breaches, or how we know whether our controls are working.”
3 -The third line of defence is your people: “How aware they are of security and what are they doing to avoid being a weak link.”
Best Practice to Implement for your people
Privacy and Confidentiality
Privacy is something that can impact your brand, disrupt the customer experience, and potentially damage your company’s reputation. This means it’s important to use technology in a manner that does not breach an individual’s right to privacy. Maintaining privacy for both your business and customers must be a priority when communicating online. Our blog Maintaining Customer Privacy can provide you with further, in depth information on the Privacy Act. Additionally, it will describe how it applies to your business and customers.
The need to embrace new and emerging technologies when conducting business and fulfilling your business objectives is inescapable. However, it also brings with it an obligation to manage the risks associated with the use of these technologies. For example, this builds a legacy of dependable precedence and encourages consistent behaviour.