Spring Cleaning for Your Business
Often the day-to-day business management tasks keep our focus and time in such tight attention that we are unable to get to other, big-picture items that also require care. In the rare instances when we find blocks of free time, it can be helpful to have a prepared list of items to tackle. Our business law team has assembled a spring cleaning checklist for your business for just that purpose.
Often, business documents are created at the start of the company or on an as-needed basis as the company grows. This can create inconsistency, policies that are outdated, or documents that are not in compliance with changes in state or federal laws. A business lawyer can help you prioritize a full document review, update any items that no longer serve the company, and flag any gaps in documentation or policies that could be problematic.
If you don’t yet have non-compete, non-disclosure, or non-solicitation agreements drafted, now is a great time to talk with an experienced business law attorney about how to implement those policies.
This is also a good time to review business documents related to taxes, such as your corporate structure. As companies grow, many wonder if they should change from an S corporation to a C corporation.
Inventory Staff Needs
You’re likely already considering your current and future staffing needs. Having time to realign essential business tasks and rethink team structure will help you to assess whether you have the right employees in the right spots. If there are employees that do not have a place in your company, employees that may need to be laid off or let go, or gaps in your staff that require hiring new employees, now is a good time to talk through these situations with a business law attorney so you can be sure to be compliant with all recent (and rapidly adjusting) changes in employment law at the state and federal levels.
Our Frequently Asked Business Law questions post may answer a lot of your hiring/firing questions.
This may seem obvious, but there’s also basic organization tasks that can be completed in and out of the office. If you’ve ever considered implementing Inbox Zero, this might be the right time to try the system. Filing organization, document shredding (after the required hold time has passed), and office cleaning tasks are all easier to complete without interruptions.
Revisit Work From Home Policy
Obviously, many companies were forced into having work-from-home situations that may not have previously allowed remote work. That causes problems for several reasons: basic equipment needs may not be met, employees do not have a set of guidelines to adhere to for the company, security concerns have not been addressed, and this situation will open the company up to more questions about future remote work opportunities and policies.
Do you have an equipment usage agreement in place for every employee? And, is it up-to-date? This is crucial in protecting the company’s investment in technology from loss, damage, and misuse, as well as protecting the company from liability issues. Tablets and cell phones need usage guidelines to distinguish between personal and business use to minimize the risk of things being sent, saved, or shared that could implicate or incriminate the business.
Beyond intentional misuse, home computers are often shared among family members and may not be the most up to date. They may lack critical security patch management that would otherwise protect them and the data on them. They may be laptops which are transported in vehicles and may not be password protected (or have weak or compromised passwords) and the hard drive may not be encrypted. Home computers that contain client data should, to the greatest degree possible, be secured with passwords and encrypted. If you do not have updated anti-virus software, you need to get it. Not some free download type either, but a real program. Can somebody reach out to Charlotte IT for a recommendation? Also, if you must use public Wi-Fi, please use a VPN.
Unsecured personal and public WiFi networks
Your home networks and connected devices may be vulnerable to malware or ransomware attacks through your wireless router. Hackers could monitor network traffic or access files that are on connected devices. In a pinch, employees might even use their personal computers on public networks at libraries or cafes, which are even less secure. Security professionals strongly recommend that employees secure their home WiFi networks (which should be updated regularly) with a robust password and, when possible, should not use computers containing sensitive information on public networks without a virtual private network (VPN).
Related: The current coronavirus situation may lead to increased cyberattacks
Using personal email accounts
Some people may send sensitive information to their personal email accounts (Gmail, Yahoo etc), perhaps out of convenience to download on to a personal computer or to print at home. Many major webmail providers have, however, suffered data breaches in recent years and these non-enterprise email accounts usually lack the robust protections that centrally-managed commercial accounts often have, such as multi-factor authentication or logs that would help a forensic investigator determine the cause and scope of a breach.
Microsoft did a study that shows you are 99.9% safer with two-factor authentication because hackers are less likely to pursue access on those accounts. Sure, they can be hacked, but there are easier targets. It is the same reason a home security system is a deterrent. Sure, it can be worked around, but why bother when the neighbor doesn’t have it?
Syncing with personal cloud storage accounts
Employees may be tempted to use a personal cloud service account to transfer documents or data to and from an office that may be less secure. Files may even be synching from personal computers to the cloud without employee knowledge. As with personal email, please search these accounts for any work-related data on the personal cloud accounts and permanently delete it. Encourage remote employees to turn off any automatic syncing.
Physical document management and destruction
In a hurry to migrate to a home environment, employees may take hard-copy sensitive or confidential materials off-site that they would not otherwise. Employees should be given clear instructions to either log and return documents or, if appropriate and done correctly, destroy documents no longer needed (but still logged for records). If the documents can be destroyed, employees should only do so with a cross-cut shredder.
Unsecure conference lines
An increased need for conference call or video services is a common issue for home work environments, and free services may seem like a sensible temporary alternative, but caution should be used. Some services may not be secure or may even record your conversations by default. Zoom has seen a recent spike in usage and had to make quick security updates.