Who’s, when’s, why’s and what’s of HR’s involvement
Social media typically poses two major concerns for an organisation and its HR department: namely productivity and security. An employee that spends three hours a day on social media is wasting the company's time and money. Furthermore, since these applications were not designed for business, most don't contain the built-in security measures essential for the enterprise environment.
HR, first of all, needs to identify who in the organisation is authorised to communicate via social media, and why the use of social media is relevant to their role.
Once this is established, it becomes important to assess what types of controls need to be implemented and to what extent they need to be enforced.
The third step is to ensure that in order to monitor productivity and enrich an employee’s experience at work, strategies are in place for when these controls should be enforced or relaxed. For example, should they be allowed to access social media during their lunch breaks or after work or should they have pre-determined times when these controls are enforced, for instance in a call centre during peak hours?
How acceptable does the AUP need to be?
In general, the Acceptable Use Policy (AUP) should be designed to accomplish two important objectives:
(1) Maintain employees’ high productivity levels, and
(2) Keep a company’s network safe from hackers and malware
In order for an AUP to be widely accepted and readily implemented, HR departments should be involved in formulating the policy from the beginning of the process and designing a program that is effective across all departments. HR managers must ideally work with the legal team who play a critical reviewing role; they must then determine if the draft AUP is non-discriminatory, acceptable and enforceable. The finance team should also be engaged in helping to understand the potential financial exposure involved in breaches of the policy.
It is clear that the IT department has the requisite knowledge to create social media policies. They understand the issues and the way the technologies are used. However, it is equally clear that the HR department is also a stakeholder in this area regarding compliance issues and monitoring and enforcing the policy. Yet according to a study conducted by Forrester Research Group, around 40% of businesses have an application policy that was formulated wholly within IT, without the necessary input of other departments, including HR.
In summary, while some software solutions offer the protection and security for an organisation from malicious attacks and data leakage prevention, HR’s involvement in developing, implementing enforcing the policies becomes a critical step towards sustainable compliance from employees. HR managers can control what applications can be accessed with use of application control software and content management, and even more granular control over when and who can access these sites. Ultimately, however, they must understand and appreciate the needs of the employees and the organisations alike and find ways to address both.
Application control technology is the HR department’s ally in preventing productivity sapping network activities while enabling employees to benefit from the new world of work in what has fast become a socially networked workplace in the internet-driven economy.
About the author
Pat Devlin is Regional Director, Australia and New Zealand, WatchGuard Technologies. For further information visit: www.watchguard.com/