Posted on
Reducing risk in the workplace – whether a health or safety, general security or Internet/cyber security risk – is a priority for forward-thinking employers but one that will largely be overlooked until an incident rears its ugly head.
The everyday demands of business tend to get in the way of such priorities, which means, in the unfortunate event that an incident does occur, it is sure to have huge ramifications. Police checking of new recruits and re-checks of employees across their employment cycle help to reduce risk (as long as you have a policy and procedure for your police checks rather than just ‘ticking a box’).
But, have you thought about the myriad of other risks your employees pose?
Okay, it might sound like we’re trying to incite hysteria by asking such a question but it is important to leave ‘no stone unturned’ in the protection of your business. Let’s not forget that being aware of risks and how to avoid them also enables you to take the utmost care of your most valuable business resource: your people.
Social media
There’s a lot of talk these days around social media and how it poses a considerable risk to your business, on a number of levels, malicious or otherwise.
It’s easy for employees to click on shortened links, etc., through social media that may provide an entry point for malware to be covertly installed on your business system. A number of companies are now creating technology to combat this issue.
Employees might also be tempted to air their ‘dirty laundry’ about work frustrations on social media or publish information that is potentially damaging to your company’s image. This opens a whole other can of worms.
John Tuck, who is Partner at Melbourne law firm Corrs Chambers Westgarth, advises all employees to treat social media channels as publications. The law sees it this way: “You are not entitled, through these publications [social media], to act inconsistently with your obligations as an employee.”
Senior Associate at Corrs Chambers Westgarth Christopher Leong further explains, “Employers should make sure they implement a specific social media policy, that the policy is clear on what it covers: What is social media? What conduct is prohibited, out of hours conduct, both on-site conduct and off-site conduct? It’s also important to implement training in social media with your workforce.”
If there is a social media breach, the normal procedures for fair work conduct apply.
Phishing
Similar to insidious attacks by malware on social media, phishing (the attempt to obtain sensitive information, such as usernames and credit card details, by masquerading as a trusted entity through electronic communications) can be a huge problem for organisations.
Even the most well-intentioned of employees may accidentally open an unsolicited email, although more and more people (and company firewalls) are becoming savvier when it comes to smelling a phishing rat.
Cyber security expert Joseph Steinberg says: "It's the same thing that was going on 500 years ago when a guy showed up at a castle and said 'I'm a knight', and he had killed the real knight and taken his armour. The scams are the same in a different medium, so training can only get you to a certain level. People still fall victim to scams; people still make mistakes."
Adult content
According to a recent study in the U.S., one in every 20 U.S. employees has accessed adult-related content on a work device but, apparently, China is the worst offender with one in five employees admitting to using a work device to access adult content.
The danger is more than a workplace harassment lawsuit, although such a danger is very real. Websites offering access to free pornography are likely to do so in order for malware to infiltrate the system access sensitive data.
International differences
What might be acceptable in your country may not be acceptable in another country in which you’re doing business, especially in terms of adult content.
Be aware of cultural differences and sensitivity, as it is surprisingly easy to find yourself in hot water by saying or sharing the wrong forms of information. It might even go beyond insulting someone and destroying a potentially lucrative business relationship – it may extend to breaking a foreign law.
Gambling
The explosion of Internet gambling has made access to betting almost instant on smartphones and computers, which means that an estimated one in 100 employees in the state of Victoria alone are likely to have a gambling problem.
Employers are at-risk of breaching work safety rules if staff members become problem gamblers, which means Internet filters to stop gambling during work hours could be a necessity rather than a suggestion.
Moonlighting
So far, much of our discussion has revolved around technology but what about employees who might be working another job, as well as their job for you?
You might not think that these people pose a risk to your workplace but mental fatigue and physical exhaustion may lead to mistakes, and these mistakes could result in lapses of judgment cause security breaches or even injury if machinery is involved.
Australian legislation has developed around handling performance issues, conflicts of interest and other concerns that may arise when employees moonlight across multiple workplaces. Contact Safe Work Australia for more information.