Safeguarding Your Business and Its Information
(C) 2002 - Douglas J. Swanson, Ed.D

Within the past decade, there has been tremendous growth in the number of businesses which have become equipped with computers and have trained workers to use them. As we enter the 21st Century, there are tens of millions of personal computers in use, along with thousands of varieties of software packages. In the workplace, total dollar sales of computer systems as a share of durable-equipment purchases increased between 12% and 17% every year in the 1990s, while the personal computer market was growing at a similar annual rate. In the U.S. alone, more than 80 million people have the ability to use their computers to communicate directly with other computer users at home or in the workplace, through directly-linked computer networks, telephone line modems or other devices.

This new personal and professional empowerment has allowed customer service-oriented businesses to enjoy previously unheard-of information processing power... leading to more effective management through greater production and greater individual task accuracy. Unfortunately, even though their investment is great, many small business managers are dangerously naive when it comes to protecting it.

If you have even one personal computer in your office, you need to take steps today (if you have not done so already) to assure that your hardware and software are physically protected from theft or misuse.

Your "Computer Supervisor"

The first step is to designate a company "Computer Supervisor" (C-S) who will take responsibility for the management of computers and related equipment and the people using that equipment.

Your firm may be like many small businesses, and not large enough to justify a full-time C-S, so designate an individual to take on this responsibility on a part-time basis, or along with other duties. It's important that someone be charged with the responsibility to oversee your information processing operations and protect the investment you have made.

The C-S is not necessarily a repair person or technical trouble-shooter (although if someone on your staff has those skills, great!). Rather, the C-S is an administrative aide who verifies that users of the equipment and software are working in accordance with company rules, and that proper repair or technical support can be acquired when needed. The C-S is the company's representative between management and the people and equipment who process the information that keeps your business running.

Computer Hardware Maintenance

One of the most important jobs of the "Computer Supervisor" is to keep track of all computer-related hardware used within your organization (you might even want to extend the list to include photocopy machines, FAX machines and telephones). The C-S maintains a permanent record of all this equipment -- individual units, model numbers, serial numbers, etc. -- along with owner's manuals, warranty information and service records.

When all this information is collected in one place, and just one person is responsible for it, lots of questions about equipment and service can be answered quickly and efficiently. Anyone who needs to know can find out almost instantly what equipment you own or lease, how old it is, how often it's been serviced, whether it's covered under a warranty, etc. -- a real time and money saver.

On a related note, the C-S should also be the individual responsible for the storage and inventory of related supplies such as computer paper, printer ribbons and blank discs. These supplies are valuable -- and expensive -- and can easily be used up very quickly if there's not a responsible person keeping an eye on what you've got. The C-S should be that person.

The C-S should also be responsible for assuring that all computers and information-processing equipment are disabled after hours -- unless they're going to be needed by someone who does company business after the office is closed. This may involve keeping computers in locked offices after hours, using individual key locks on terminals in open areas, or shutting down an entire network and keeping the main controller under lock and key when your company isn't open for business. Employees (and others who may gain access to the premises) should not be allowed the opportunity to access computer data bases, use computer software, make photocopies or operate any other company information processing equipment for their personal use.

Computer Software Protection

The C-S is also charged with keeping track of software, to keep your firm from getting into trouble with the Software Publishers' Association. In recent years, the SPA has taken a very aggressive approach against firms who have acquired and are using unlicensed (pirated) software. In cases where pirated software use was suspected, the SPA has been known to tip off law enforcement authorities -- and then accompany federal marshals who go into businesses and examine the contents of computer hard drives. In cases where pirated software is found, often the entire computer system (and all its contents) is seized as evidence to be used when the case is brought to trial in the criminal court.

Since federal and local authorities have been so willing to cooperate with software industry anti-piracy efforts, it makes no sense to risk using software that doesn't legally belong to your company. Your C-S will help prevent this from happening by keeping track of all software on disc, making sure that license agreements, original discs, purchase receipts and other verification of ownership are on file and accessible. The C-S will regularly audit your computer hard drives to assure that unlicensed software isn't showing up there, in violation of company policy.

The C-S will work with other members of your staff to assure that data discs are "backed up" often, to provide protection in case of computer hard drive failure. The C-S will assure that these backup discs and all other important paperwork and original discs are stored securely in your fire safe or other protected environment.

The C-S will also keep your company connected with the technical support you need to keep your computers and other information processing equipment running smoothly. Even in the smallest office, productivity can come to a grinding halt when the computer or the software malfunctions. For that reason, you need one person on your staff who has the authority to see that corrections can be made quickly and economically -- to get your computer or computer network back on line as soon as possible.

In the age we live in today, information is power. Organizations both big and small understand and appreciate this fact, and they're working to protect and maintain their investments in computer systems. Your business needs to be working toward this end, too, whether you have one desktop computer and printer... or 30 computers all linked together on an inter-office network.

There's much more to protection than securing your equipment and your facilities after hours. Regardless of the size of your business, it's also important to ensure that your computers and equipment are being used properly during business hours by the people you trust to use them. Specifically, this danger can manifest itself through:

Unauthorized improper computer access and use

Employees who do not have approved access to the computer (or other people who do not even work for your firm) who access information stored in your computer and later use that information for their personal benefit -- or to damage your business.

Authorized improper computer access and use

Employees who have approved access to the computer system who obtain information stored therein and later use that information for their personal benefit -- or to help your competition.

Illegal activities

Authorized or unauthorized users who access your computer and subsequently participate in illegal activities (tapping into other computer systems via your telephone modem hook-up, illegal copying and selling of your computer software to outsiders, illegal transactions via a public computer "bulletin board", etc.).

If your company's computers are improperly accessed and used, your business name and reputation can be severely damaged. Valuable customer information could be lost to a competitor. Irreparable financial harm could result.

The potential harm from illegal activities, however, is much greater. If a person (whether they're an employee or not) accesses and uses your company's computer for criminal activities, you and your business can be held liable. Law enforcement agencies can and do exercise the right to enter places of business, seize computers and other equipment, seize company assets -- and basically put companies like yours out of business. What's more, business owners like you have found themselves in jail, even without proof that they personally acted criminally to obtain the information which was contained in their computer systems.

A highly-publicized example of such an incident is the case which involved the uploading of a Bell South telephone company document to an Illinois computer bulletin board in 1988 (as related in Business Week, August 6, 1990, and other publications). The bulletin board operator who passed along the document (even though he did not personally acquire it and had contacted telephone company officials to obtain further information about it) was crushed by the corporate bureaucratic, law enforcement and judicial systems. His computer equipment was seized, his subscriber list was confiscated; he was investigated by the Secret Service and brought to trial. He ran up more than $108,000 in legal expenses, lost a year of his life to the legal fight and was threatened with a 30-year prison term. His case was at trial when the defense revealed that the document in question (which Bell South alleged was worth $79,449) was in fact available to the general public for $16. Prosecutors subsequently dropped their complaint, but the damage had already been done. The accused individual's business was ruined; his life will never be the same.

If you have a computer in your office, you need to be able to protect it -- and your business -- from dangers such as these. You need to make sure that people who are authorized to use the computer are using it in acceptable ways which are conducive to the conduct of your business. You need to make sure that people who are not authorized to use the computer are not using it. And, you need to make sure that there is a specific policy which guides employees in the use of the computer and the handling of information contained therein -- to do as much as possible to protect your firm from the harm that comes from improper computer use.

To help you avoid the myriad of problems that can result from improper and possibly illegal computer access, here's a guideline to follow while establishing a company computer policy:

1. Is there a need for a computer policy?

The office that has a network of several computers for managing customer service inquiries, billing and bookkeeping has vastly different needs from an office where one personal computer is used to store correspondence files and balance a checkbook. When determining your need for an office computer policy, then, keep in mind what kind of a system you have and who's using it.

Think about what employees are now using your system, and whether their use of the system is really necessary. Could they perform the tasks they need to accomplish equally efficiently without accessing the computer?

Is the employees' computer use carried out strictly within the workplace, or are employees using their modem-equipped PCs to communicate outside the physical boundary of the workplace? (Areas of off-premises conduct by employees in which the organization has determined it has a legitimate interest need to be specifically identified and communicated to employees. Improper behavior during nonwork time or in off-premises situations -- situations which are specifically addressed in a code of conduct agreement -- may then be subject to regulation in accord with your organization's computer use policy.)

Of course, any policy which is created to govern conduct needs to be absolutely clear and fully explained in the context of all possible workplace situations where it might be applied.

2. If there is a need for a policy, who should be involved in formulating that policy?

Clearly, no one can be expected to write a policy on a subject he or she does not understand. While it is important to obtain input from all sectors of the organization, it is equally if not more important to obtain input from the people most knowledgeable about the subject.

If the policy is to apply to all computer users within your office, then certainly it should be developed with the participation of those users. You'll need to involve management, rank-and-file employees, clerical staff, and your legal counsel (to assure that the proposed policy is legal and binding and in accordance with the specific stipulations of the National Labor Relations Act).

3. If a policy is to be formulated, exactly what is it being formulated to prevent -- and what will it be designed to support?

If you know beforehand what you're aiming at, you'll be able to create a policy that is specific and yet limited. If the policy were to be developed the other way around, that is, before you identified potential problem(s), the policy could end up being either vague and too broad-based, or narrow and non-encompassing.

Therefore, it's important that you understand exactly what kinds of organizational problems you want to prevent, and what computer use freedoms you want your employees to have, before you begin to draft a policy to contain the guidelines you want enforced.

The policy is likely to be more enthusiastically supported by your rank-and-file if it's presented in a way in which the positive, beneficial attributes of the policy are highlighted (employees should be shown what the policy does for them: does it reduce uncertainty about their jobs, allow them more freedom to communicate in certain ways, allow them to cut down their work load by concentrating on some tasks while letting go of others, etc.?).

4. Who will be the individual to ensure the policy is enforced, and, if violations occur, how will they be detected?

Ideally, there should be one individual who has authority for supervision of your computer and will assure that the information storage and retrieval system is maintained and used in accordance with expectations. The duties of this individual and the amount of time spent on this task will vary from company to company, but basically he or she should be a "computer supervisor." As such, he or she may have technical skill (computer proficiency, a knowledge of hardware and software, knowledge of programming languages, an understanding of computer applications, etc.); interpersonal skill (the ability to work one-on-one and in groups with others, effective communication skills, cultivation of resources, and community involvement skills/experience); and managerial skills (ability to direct and organize people and programs, budget planning and management, program evaluation ability, scheduling knowledge, leadership ability).

Based upon the size of your particular business and the configuration of the computer system, the individual charged with supervising and regulating policy for computer use would enforce proper use and guide employees in proper applications of the rules.

5. What will be the consequences for individuals who break the policy?

Any computer use policy must be uniformly introduced and enforced throughout your office. If some employees are made to follow the policy while others are not, great dissatisfaction will occur, no matter how appropriate the policy may be.

In addition to asking for equal sacrifice from all members of the organization, the policy must be written and enforced to assure that all individuals accused of infractions of the rules are treated fairly and equally. Anyone and everyone who breaks a policy rule must be detected, cited, and dealt with fairly and equally. As with any employee grievance matter, the worker who stands accused must have the opportunity to defend himself or herself before being punished for computer system misuse. No exceptions to the policy can be allowed.

6. How will the policy face review to assure that the outcome of the policy is consistent with the goals originally established for it?

A regular review process must be written into the policy so that you consistently have the opportunity to re-think the policy, re-examine how it works in your office, and interact with others about the appropriateness of continuing the policy. The formation and maintenance of an organization's computer policy should not be a "management job" -- nor should it be "the workers' job"; it's everyone's job, because the establishment and carrying out of a sound policy protects and benefits everyone within your office.

7. If future adaptation and alteration is needed, how can this be accomplished without scrapping the policy foundations already established?

The ability to fine-tune computer use policy goes hand-in-hand with the evaluation process. You must be able to conduct a comprehensive evaluation of the computer use policy and its ability to meet goals -- and then alter that policy as needed to make it stronger and more applicable. As much as possible, the alteration must take place without disrupting rules and regulations that workers have become accustomed to working within. As with the review process delineated in (6) above, individuals from all levels of the organization must be encouraged to participate in the process.

For small businesses lacking a computer use policy -- or lacking a policy that works effectively to balance needs of the organizational structure with the wants and desires of workers within it -- this guide may lend itself toward formation of an official policy... a policy that is appropriate for the needs of managers and rank-and-file workers. Most importantly, this guideline shows how to involve the people within an organization in the formulation of policy that affects them.

In 1975, researcher J. M. Carroll wrote that society's need to protect the status quo while preserving the privacy and empowerment rights of the individual "calls for the use of more information, not less." It's still true today. Computer information storage and retrieval systems are critical to the success of your business and the performance of the people who work for you. These systems must be effectively managed. It is hoped the guidelines suggested in these articles will help you find the management system that works best for you.