The workplace today sees an influx of digitally-savvy Gen Y workers, along with social media and collaboration tools as well as personal mobile devices, driving the need for companies to rethink IT ground rules being communicated to new employees to ensure compliance with business conduct and maintain the security of corporate data.
Lyon Poh, partner of management consulting at KPMG Singapore, noted that as the Generation Y demographic in the workforce increases, companies cannot think about simply placing restrictions and should instead look at the kind of perimeters the entire organization can operate within.
This is where and why IT policies or guidelines need to be redefined so that the technology can assist new employees in being more productive and efficient, while at the same time, instill responsible usage. This will ensure any associated business or security risks will not be ignored, Poh told ZDNet Asia in an e-mail.
Doug Neal, research fellow at CSC's Leading Edge Forum (LEF) Executive Program, which is the company's global research and advisory service, concurred: "Leveraging tools such as personal devices and social media present great opportunities for innovation, but there has to be a balance between keeping employees and the business secure, while also incubating innovation."
IT guidelines are necessary because they affect either a company's external branding or physical property and, hence, avoid legal ramifications, said Melissa Norman, managing director at recruitment agency, Kelly Services Singapore and Malaysia.
For example, social media guidelines protect a company's name while guidelines to prevent leakage of confidential data protect a company's property or operations, Norman explained in an e-mail.
These market players outlined 10 revamped IT guidelines that companies should communicate to all new employees during the staff orientation.
1. Security is "part of everyone's job".
IT security guidelines are a must to avoid exposing the company's data to external parties, reduce risks of file corruption or virus/hacking attacks, and avoid copyright or licensing issues, Norman highlighted.
Sharlyn Lauby, president of ITM Group, a South Florida-based management training and human resources consulting firm, added that these guidelines should include basic Internet security practices, including how to create strong passwords.
CSC's Neal also emphasized that security systems alone are not enough so new employees must know that regardless of their job scope, they play an active part in detecting and reacting to threats.
2. Social media and collaboration is permitted, if not, expected.
Neal observed that social collaboration today is key for businesses, hence, companies should allow--or otherwise, expect--staff to participate in social media, whether inside or outside the organization.
This also means that new recruits should know they are expected to learn how to use social media tools well, as well as understand the risks before using such tools.
3. Use social with care and common sense.
KPMG's Poh added that as long as the time spent on social media does not affect the quality of work, restrictions on staff using social media for their personal lives are not necessary.
Because no amount of guidance or security technology can ever be comprehensive enough to handle all threats, new employees must be told to exercise care and common sense in their use of social media, especially in light of increasing zero-day and social attacks.
All staff also should be informed that they can approach the IT department for assistance whenever they are in doubt, he advised.
4. Understand disclaimers and confidentiality.
Lauby said companies must clearly outline to the new employee what they consider confidential and proprietary information, since this differs from organization to organization.
This should include practical guidelines, Norman added. For instance, social media guidelines can inform new employees to put disclaimers highlighting that views expressed on social channels belong solely to them and not of the company's. In addition, she said anonymous or fictitious aliases when referencing the company in posts should not be allowed.
5. Public cloud should not be used for company's confidential data.
Compared to corporate storage systems that can be cumbersome to use, storing corporate data on external file-sharing sites such as third-party cloud services is convenient for employees to share and back up their documents, KPMG's Poh acknowledged.
However, using these public cloud storage services should not be encouraged as confidentiality is not always guaranteed, he said.
He advised companies to continue to monitor this space to find ways to enhance user experience and make internal IT services more compelling for use.
6. Use of personal IT device is encouraged, but comes with safeguards.
Since there is growing preference among employees, especially mobile workers, to use their personal devices such as smartphones and tablets for work purposes, it is more productive to engage staff in how they can tap these devices for greater productivity rather than prohibit them from using the device, said Poh.
It is not necessary to implement restrictions on the use of any particular model, as long as the rules are followed and safeguards are in place, he added.
Neal concurred, saying that as employees develop new capabilities, they are urged to take on new responsibilities and that includes making use of their own IT equipment.
7. BYO device is your responsibility.
Neal emphasized that the new staff should also understand that the bring-your-own (BYO) model is not primarily about the type of gadgets used, but about the responsibilities these employees agree to take on by using their own devices for work.
Poh added that companies could consider having staff submit information about their personal device upon applying for access to the corporate e-mail. This will ensure the IT administrator can immediately wipe out content remotely if the device is misplaced, he explained.
8. Speak up, suggestions are welcome.
The danger of ignoring the needs of employees, for example, around using personal devices, may "propel them to find illegitimate ways to work around the system", Poh cautioned.
Hence, it is better for organizations to work with employees to find ways to improve productivity and set perimeters for them to operate within, he said. This way, new staff know they are able to air their needs or concerns, he added.
9. Clear policies to help avoid misunderstanding.
Norman emphasized that companies must create and ensure policies are transparent and applicable to everyone, hence, benefitting both the company and new employees. Policies set a clear understanding of the company's guidelines and help prevent misunderstanding between the two parties.
Lauby added that since every company views technology different--some give a lot of access while others limit it--transparent IT guidelines that are clearly communicated to new employees will enable these workers to know exactly what is expected of them from day one, "eliminating any surprises [or shocks]".
10. Failure to act in accordance with guidelines can result in dismissal.
Any company should include this warning as part of their IT usage policy, Neal noted.
Lauby agreed, noting that by communicating the ground rules to new recruits, and especially if those rules permit a high level of access to IT and the Web, employers in return would expect staff to conduct themselves in an appropriate manner.