By Adam P. Whitney, Esq.
Every company should be concerned about security, which includes cyber-security, protection of your company’s assets, protecting employees and the public, and protection against liability. Having the right hiring procedures and company policies will go a long way toward these goals. The below tasks merely scratch the surface of some of the more critical issues for company security.
Job One: Hiring the Right Employees
Background checks should not be just an afterthought. They are a critical part of your hiring process and security plan. Depending on what state and industry you are in, you may be able to perform criminal background checks and screen for certain illegal drugs. But you also usually cannot just ask these questions on an application or an interview. Work with an experienced employment lawyer and/or background screening firm in your state so that all checks and screenings are performed legally and effectively. If you don’t do this and hire someone with a history of violence or harassment, you could be found liable for negligent hiring. The cost of implementing the right procedures will be pennies on the dollar compared to the harm that a rogue employee could cause.
Once you think you have hired the right people, do not turn a blind eye to warning signs of inappropriate behavior. An employee who is disgruntled or acting unprofessionally is a threat to your company’s security plan. One or two disgruntled employees are like the proverbial bad apples that spoil the barrel. Either get these people on the right track or get them out. You are not doing anyone any favors by giving too many second chances.
Job Two: Protecting Your Customer Information and Your Proprietary Business Information
There are now many state and federal laws that mandate that companies protect information about their clients (and employees, too), including medical information, credit information, Social Security numbers and other personal information. If your company obtains any such information, you must have a data security plan to protect both the paper and electronic documents containing such information.
It is up to you to decide what information or trade secrets are vital to your business, but you must take steps to protect it. Employees going to competitors or starting their own business would love to get a jump start by walking out the door with your information, whether that is a customer list, pricing information, proprietary software, etc. Employees also steal computers, equipment, supplies, money and pirate your employees, but that is a subject for another day.
If you are forced to file suit to protect your trade secrets or proprietary information, the court will want to know what your company did to protect the information. If you did little or nothing, the court may well deem it unworthy of legal protection. You need policies on what information is proprietary, and then you need to take actual steps to protect it, such as only disseminating on a need to know basis and keeping information under lock and key and/or password protected. Think through carefully about issues such as employees bringing their own devices, working from home on their own computer, and e-mailing company information to themselves. These are not at all easy issues in this technology age, but if your information is truly valuable, you will have to work through it.
Job Three: Protecting Your Employees and Customers from Harm
There are many ways that your employees or customers can be physically or emotionally harmed. Harm can come from disgruntled employees (see Job One), who can sexually harass, discriminate or bully other employees. Although you are required in most states to have certain policies to address the issues, don’t look at the policies as a burden.
An enlightened company will welcome these policies as tools to weed out the bad apples before something happens that exposes the company to liability. Studies show that a diverse team performs better, so your company should fully embrace a workplace that is free from all types of discrimination and harassment so that everyone can perform to their full potential. Show me a workplace where there is sexual harassment, bullying or discrimination, and I will see a workplace that is dysfunctional, underperforming, and also at risk for a serious safety incident. It starts at the top, so you cannot accept bad behavior even if it comes from your best salesperson or a top executive.
If you have done Job One correctly and have implemented your policies, your chances of having a disastrous situation, such as an employee act of violence, will be greatly reduced. But you should always hope for the best and prepare for the worst. Consider having policies prohibiting firearms, other weapons, drugs, and alcohol on company property or other work locations. Have a plan in place in the event of workplace violence, including an active shooter. Work with a security consultant or law enforcement to set up the plan. Also consider the physical security of your workplace, including who has keys or fobs and how often you change the locks or passcodes. Do you have a camera system to see visitors? Obviously, the type of business you are in will determine what security measures you take.
I hope that this article gets you thinking about security issues for your company. If you want to get serious about these issues, start speaking to an employment lawyer, background screening firm and/or security consultant in your jurisdiction so that you can start getting a handle on your company’s weak points and better protect your company, its people and its assets.
Adam Whitney is the owner of the Law Office of Adam P. Whitney in Boston, Massachusetts. He assists private businesses with employment law, business litigation and shareholder dispute matters.
