Computers and smart phones have become imperative to small businesses. For years these technologies have been giving small businesses owners and their employees the flexibility and accuracy they need. There is however a potential downside to them as they can also lead to an increase in security risks and potential breaches.
Lately, it has become almost routine to hear about unethical network access, even at the most sophisticated organizations including Sony, Target and Home Depot. These news headlines are bound to make small business owners nervous. After all, if such large, sophisticated organizations are impacted by security breaches how can small businesses mitigate the risk of criminal activity via electronics?
One way employers take a preventative approach is by implementing policies pertaining to privacy requirements and the use of computers in the workplace. It’s important to be aware such policies usually only apply while an employee works at the small business and become ineffective upon termination of the relationship.
Read on for two additional recommendations to ensure privacy.
- Draft policies that go above and beyond a basic policy – include the Criminal Code
Did you know that under the Criminal Code of Canada criminal charges can be laid for Unauthorized Use of a Computer or Mischief in Relation to Data? Both offences are punishable by prison terms of up to a maximum of ten years.
a) The offence, Unauthorized Use of a Computer, is used typically to charge hackers or persons involved in computer-related offences, and is related to the intent to commit an offence.
b) Mischief in Relation to Data is related to the willful or reckless damage to data, including destroying, altering, rendering meaningless, useless, or ineffective, and obstructing, interrupting, or interfering with the “lawful use of data” or “any person in the lawful use of data or denies access to data to any person who is entitled access thereto”.
TO DO: Policies related to computer use should include a statement that identifies these Criminal Code offences as well as the organization’s willingness to press criminal charges against employees or former employees under the Criminal Code in the event of a breach of their obligations.
- Use appropriate measures when terminating an employment relationship
When an employment relationship ends, employers should take a number of steps to aid in protecting the organization’s data integrity. These steps include:
- Conduct the termination by issuing a termination letter, provided to the employee in private, reminding them of their ongoing obligations related to confidentiality;
- Escort the employee from the premises and send any remaining personal effects of the employee to their home via courier as soon as possible;
- Remove access to all resources, services, software, and information as soon as possible, including remote access capabilities;
- Retrieve all company property the employee may have had including computers, cellphones, keys, access cards, and
- Consider changing any locks, access codes, or other means of access to the organization’s office(s), equipment, buildings, or other organization-related spaces.
In conclusion, privacy and/or security breaches of organizational information cannot always be avoided, but having strong policies and procedures in place which limit access to information and set out specific consequences including criminal charges, can help organizations to minimize damage and provide recourse.
Ceridian HR Advisory Services can help you keep your business secure. Find out more here.