dita Solutions

Menu

Managing Risks with Electronic Communications and Social Media

by

Many of us may find it difficult to remember a time when conducting our work duties did not involve extensive use of email communications and the internet. Internet use has rapidly changed as interactive social media, such as Facebook, LinkedIn, and Twitter came to be. When employees engage in an internet social network, the line between workplace and personal conduct can be easily blurred.

Organisations recognise the need to embrace new and emerging technologies in conducting their business and fulfilling its objectives. Electronic communications utilising these technologies open up opportunities for sharing information and provides new and innovative ways to conduct business. However, it also brings with it an obligation to manage the risks associated with the use of these technologies. Regulating the use of electronic communications including the internet, email, social media, and telephones are necessary to provide all employees with a safe working environment and protect your customers and your business from commercial harm.

Key Legislation Relating to Electronic and Online Communications

There are three key pieces of Australian Legislation that control and regulate the way in which businesses and individuals behave online. Whether you’re conducting an online promotion, sending a newsletter, or simply posting onto Social Media, these laws must pay a part in how your business operates electronically.

  • Electronic Transactions Act 1999: Ensures that a transaction under a Commonwealth law will not be invalid simply because its conduction was through electronic communication.
  • Privacy Act 1988: Regulates and provides an individual greater control over how to handle their information.
  • Copyright Act 1968: Grants copyright owners the exclusive rights over the material they have copyrighted, which might include text, photos, images, icons, computing programs, video, or audio

These pieces of legislation all play an important role in protecting businesses, their staff, and the consumer. Understanding the key elements of each and ensuring your staff as trained on how it applies to them and their roles will minimise the risk to your business when engaging online.

Implementing Policy

Taking the key legislation and key learnings from each, your business then needs to create and implement policy and best business practices when engaging electronically. An Electronic Communication and Social Media Policy is fundamental to sound risk management. The policy should apply to all users of our business’s technology, equipment, and services.

An effective Electronic Communications Policy should include:

  • Referenced legislation
  • The purpose and scope of the policy
  • Who the policy applies to
  • The objectives of the business in relation to risk management of Electronic Communications including Social Media
  • Policy Implementation including a right to monitor
  • What happens if there is a breach of the policy.

When you implement policies, you can download a customisable Electronic Communications and Social Media Policy at the end of this post.

Your Right to Monitor

Email and Internet systems will always be the property of your organisation. For example, you can access the Internet, an Intranet or electronic mail services through facilities provided by your business. In doing so, your staff should acknowledge via your policy that your organisation may from time-to-time monitor, log, and gather statistics on employee’s internet activity. Additionally, they may examine all individual connections and communications. This type of monitor procedure can be done by your business itself or through its Internet Service Provider.

Network Security

Your network infrastructure consists of the hardware and software resources of an entire network. It enables network connectivity, communication, operations, and management of an enterprise network. Securing it is the first step to minimise both internal and external electronic breaches. Your business will need to implement a Security Awareness Program to reduce the overall risk to your business. This works on three levels:

1 – The first line of defence in any security stance is your controls: “How we enforce security ‘best practices’ and prevent successful compromise”

2 – The second line of defence is detection: “How we can catch attacks or attempted breaches, or how we know whether our controls are working.”

3 -The third line of defence is your people: “How aware they are of security and what are they doing to avoid being a weak link.”

Best Practice to Implement for your people

  • Never disable settings for virus protection, spam, and filtering that have been installed.
  • Don’t compromise or attempt to compromise the security of any IT facility belonging your business
  • Keep passwords confidential, and change them when prompted, or when known by another person
  • Use passwords that are not obvious or easily guessed
  • Do not allow others to log in or use another team member’s account
  • Never leave a computer unattended when it is logged on
  • Inform a Manager if they become aware that an unattended computer is logged on
  • Log off at the end of each session
  • Never knowingly initiate or forward emails or other messages containing:
    • A message that was sent to them in confidence
    • A computer virus or attachment that is capable of damaging recipients’ computers
    • Chain letters and hoax emails
    • Spam, e.g. unsolicited advertising material.

    Privacy and Confidentiality

    Privacy is something that can impact your brand, disrupt the customer experience, and potentially damage your company’s reputation. This means it’s important to use technology in a manner that does not breach an individual’s right to privacy. Maintaining privacy for both your business and customers must be a priority when communicating online. Our blog Maintaining Customer Privacy can provide you with further, in depth information on the Privacy Act. Additionally, it will describe how it applies to your business and customers.

    The need to embrace new and emerging technologies when conducting business and fulfilling your business objectives is inescapable. However, it also brings with it an obligation to manage the risks associated with the use of these technologies. For example, this builds a legacy of dependable precedence and encourages consistent behaviour.

    related resources

    >