Many of us may find it difficult to remember a time when conducting our work duties did not involve extensive use of email communications and the internet. Internet use has rapidly changed as interactive social media, such as Facebook, LinkedIn, and Twitter, came to be. When employees engage in such internet social networking, the line between workplace and personal conduct can be easily blurred.
Organisations recognise the need to embrace new and emerging technologies in conducting their business and fulfilling their objectives. Electronic communications utilising these technologies open up opportunities for sharing information and provide new and innovative ways to conduct business. However, they also bring with them an obligation to manage the risks associated with the use of these technologies. Regulating the use of electronic communications, including the internet, email, social media, and telephones, is necessary to provide all employees with a safe working environment and protect your customers and your business from commercial harm.
Key Legislation Relating to Electronic and Online Communications
There are three key pieces of Australian legislation that control and regulate the way in which businesses and individuals behave online. Whether you’re conducting an online promotion, sending a newsletter, or simply posting on social media, these laws must play a part in how your business operates electronically.
- Electronic Transactions Act 1999: Ensures that a transaction under a Commonwealth law will not be invalid simply because it was conducted through electronic communication.
- Privacy Act 1988: Regulates and provides an individual greater control over how their information is handled.
- Copyright Act 1968: Grants copyright owners the exclusive rights over the material they have copyrighted, which might include text, photos, images, icons, computing programs, video, or audio.
These pieces of legislation all play an important role in protecting businesses, their staff, and the consumer. Understanding the key elements of each and ensuring your staff are trained on how each applies to them and their roles will minimise the risk to your business when engaging online.
Taking the key legislation and key learnings from each, your business then needs to create and implement policy and best business practices when engaging electronically. An Electronic Communication and Social Media Policy is fundamental to sound risk management. The policy should apply to all users of your business’s technology, equipment, and services.
An effective Electronic Communications Policy should include:
- Referenced legislation
- The purpose and scope of the policy
- Who the policy applies to
- The objectives of the business in relation to risk management of Electronic Communications including Social Media
- Policy Implementation including a right to monitor
- What happens if there is a breach.
To get you started with implementing policy for your business, a customisable Electronic Communications and Social Media Policy can be downloaded at the end of this post.
Your Right to Monitor
Email and Internet systems will always be the property of your organisation. By accessing the Internet, an Intranet and electronic mail services through facilities provided by your business, your staff should acknowledge via your policy that your organisation may from time to time monitor, log, and gather statistics on employee internet activity and may examine all individual connections and communications. This type of monitoring can be done by your business itself or through its Internet Service Provider.
Securing your network infrastructure (the hardware and software resources of an entire network that enable network connectivity, communication, operations, and management of an enterprise network) is the first step in minimising both internal and external electronic breaches. Your business will need to implement a Security Awareness Program to reduce the overall risk to your business. This works on three levels:
1 – The first line of defence in any security stance is your controls: “How we enforce security ‘best practices’ and prevent successful compromise.”
2 – The second line of defence is detection: “How we can catch attacks or attempted breaches, or how we know whether our controls are working.”
3 – The third line of defence is your people: “How aware they are of security and what are they doing to avoid being a weak link.”
Best Practice to Implement for your people:
- Never disable settings for virus protection, spam, and filtering that have been installed.
- Don’t compromise or attempt to compromise the security of any IT facility belonging to your business
- Keep passwords confidential, and change them when prompted, or when known by another person
- Use passwords that are not obvious or easily guessed
- Do not allow others to log in or use another team member’s account
- Never leave a computer unattended when it is logged on.
- Inform a Manager if they become aware that an unattended computer is logged on
- Log off at the end of each session
- Never knowingly initiate or forward emails or other messages containing:
  - A message that was sent to them in confidence
  - A computer virus or attachment that is capable of damaging recipients’ computers
  - Chain letters and hoax emails
  - Spam, e.g. unsolicited advertising material.
Privacy and Confidentiality
Privacy is something that can impact your brand, disrupt the customer experience, and potentially damage your company’s reputation. This means it’s important that technology isn’t used in a manner that breaches an individual’s right to privacy. Maintaining privacy for both your business and customers must be a priority when communicating online. Our blog Maintaining Customer Privacy can provide you with further, in-depth information on the Privacy Act and how it applies to your business and customers.
The need to embrace new and emerging technologies when conducting business and fulfilling your business objectives is inescapable. However, it also brings with it an obligation to manage the risks associated with the use of these technologies in a coordinated way to build a legacy of dependable precedence and encourage consistency.
To see further how dita Solutions can help you implement effective staff inductions that provide quality training on Security Awareness and Electronic Communications, contact us here.
Download Our Free Policy
Download our free and customisable Electronic Communications and Social Media Policy. Our Policy provides clear guidance to help you get started with implementing this policy for your business.