By: Sonny Zulhuda
By transforming to the workplace environment that uses the Internet and other devices of information and communications technology (ICT) as the enabler in running their businesses, organizations are exposed to potential risks out of the abuse and misuse of the said technology by internal employees and any strangers outside the company alike. Such misuse can take the form of security breaches, theft of company’s informational assets, lost productivity, wasted computer resources, electronic viral infections, business interruption and public embarrassment should a workplace lawsuit be filed.
While lots are done for preventing external hackers from jeopardizing internal network and information system, risks from internal sources are often overlooked by most companies. In fact, the threats exposed by these ‘internal saboteurs’ may be as great as the external intruders, and therefore may be as harmful as the external sources of threats.
More often than not, employees within an organization exchange emails and files not related to works and business through the internal network and end up in flooding server’s capacity with irrelevant materials. What makes things worse is when these materials are offensive in nature for being, for examples, obscene, defamatory, or misrepresenting the truth about something. In online and multimedia context, this ‘offensive content’ is elaborated by section 211 of Communications and Multimedia Act 1998 (Malaysia) as those contents which are indecent, obscene, false, menacing, or offensive in character with intent to annoy, abuse, threaten or harass any person.
Meanwhile, unfiltered transfer of files from the Internet may also end up with electronic virus infecting the whole organization’s system. It is the real story that this virus infection could cost companies millions of dollars due to business interruption, lost informational assets, and system reparation.
Responsible managers and employers should stop these potential risks from turning into real catastrophe for their organizations from very beginning. Measures to manage and mitigate those risks should start right from the employment contractual instruments between employers and employees in the first place. The role of such instrument is critical as it can define initial limits and expectations upon the employees specifically in relation with company’s policy on networks and resources.
By signing this contractual instrument in the beginning, employees understand they are bound to comply by company’s rules and policies, any default of which would result in sanctions being taken against them. Such understanding in the initial employment contract should be provided in clear and unambiguous words in order to avoid misinterpretation; and, they have to be firm and workable too.
What is next? Employment contract normally need not be a long law document defining in every detail the dos and don’ts of the organization. Such objective should be ‘translated’ from initial contract documents into other company’s instruments such as Standard Operating Procedure (SOP), internal service level agreement (SLA), or company’s policy and best practices in relation with online activities, computer resources, email and Internet policy, as well as other ICT uses.
These internal instruments, together with the initial employment contract are important yardsticks that help companies and organizations define their expectations upon their employees’ compliance and practice in online workplace environment.