First, decide whether an outside professional group will plan the event or an internal group within the company. The external group has advantages regarding reducing liability, but budget is a factor.
Regardless of the above choice, areas of concern include:
• Is attendance mandatory or voluntary?
• Are family members or customers invited?
• Alcohol policy
• Transportation policy
• Conduct code – professional or fun
• Events construed as sexual harassment or hostile
• Social media aftermath
Mandatory attendance will be construed as work. The company will be subject to hourly wages, workers’ compensation claims, and a variety of regulatory issues. Opt for voluntary whenever practical.
Will employee’s families attend? This question is the double edged sword. Families love inclusion and self-govern behavior. The bad news is families self-govern behavior. What process is in place for a wild or disruptive spouse? How about inappropriate airing of the family laundry? Is there bad blood between a spouse and a customer?
The obvious answer is prohibition. No alcohol permitted. Sometimes, alcohol can be very appropriate as long as measures are in place to curtail excess. One rule of thumb is to only allow work-like demeanor or behavior. Under this rule, alcohol would be banned.
Not so obvious, suppose a spouse, child or customer is an alcoholic? In some states, marijuana is now legal. Does the alcohol consumption open the door for the pot? Strictly from a liability viewpoint, drugs and alcohol should be banned from any company function.
Transportation can be arranged for group activities away from the work campus, but use caution. Just as with mandatory attendance, the risk of transporting employees brings in workers’ compensation issues.
All the rules of the workplace, including sexual harassment and bullying, apply to the fun outings. Communicate this fact to all employees prior to the event.
Posting reports and pictures from the outing is good for morale, but screen the social media for embarrassing or inappropriate content.
Think through these issues and decide what sort of outing is appropriate for your company. Create a set of behavioral standards based on the event. For example, competitive sports or team building may get rowdier than a night at the opera. Communicate those expected behaviors for employees and their families.
The recent security breach at Sony underscored not only the need for better security in protecting sensitive internal documents and information, but also the appalling lack of care being taken on an individual level to protect passwords and take other steps to protect (or remove) sensitive conversations and data. Despite a litany of other widespread and serious data breaches in recent years, many businesses still don't seem to be taking cybersecurity as a serious issue that not only could affect them, but very well may.
As a business owner or manager, you've heard time and again how important it is to delegate in order to streamline processes and be more productive – and more profitable. But delegating does not mean turning a blind eye; and when it comes to cybersecurity issues, unless you have a dedicated chief information security officer, you need to take an active role in ensuring your data is adequately protected.
The key to effective management begins with understanding the types of threats that exist and how they're evolving, as well as identifying new threats as soon as they begin to emerge. At the same time, management needs to develop actionable steps to counteract potential breaches, looking for weaknesses at every level, from individual employee passwords and use of personal devices like smartphones, to the way data is encrypted and stored, both in the cloud and on any on-site or remote servers.
Strong, company-wide policies backed up by employee education programs and Q&A sessions are the cornerstones of an effective cybersecurity policy; managers must clearly communicate to employees – at every level – the vital roles they play in protecting the company from cyber threats so they see BYOD and other policies as being protective rather than punitive.
Involving employees in cybersecurity discussions also helps ensure their cooperation and compliance.
One more lesson from the Sony breach: Unlike other cybersecurity attacks that have targeted customer identification and banking information, the Sony attackers also focused on employee emails, revealing information that proved both embarrassing and potentially costly. Many businesses fail to consider emails and personal files when considering cybersecurity measures, leaving themselves wide open to similar breaches.
In a nutshell, companies that assess and manage cybersecurity issues as vigilantly as they do financial, operational and reputation-related risks have the greatest chance of thwarting attacks and breaches. Start today to plan how to avoid breaches as well as how to respond if a breach does occur.