Fifteen Tips for Effective Employee Training2

Fifteen Tips for Effective Employee Training^[2]

1. Show employees you mean business by having a senior company official (the more senior the better) and a compliance officer or lawyer introduce the organization’s IM risk-management program to employees. Clearly explain the following:

   • Why the organization is implementing a formal IM program, complete with written rules and policies.

   • What IM-related risks and liabilities the organization faces. Include a discussion of internal IM survey findings.

   • What role individual employees play in IM compliance: identifying business record instant messages, retaining and deleting messages according to guidelines, adhering to IM usage and content policies.

   • What penalties IM policy violators will face.

   • Where employees should turn if they have questions or need additional information following training.

2. Employees tend to respond more favorably to training when it is conducted by an outside expert, rather than a colleague. Consider hiring an experienced e-risk management/e-policy training expert to educate all employees, from the CEO to the summer intern.

3. Begin training with a recap of the IM-related liabilities and risks facing the organization and its employees, from lawsuits and lost productivity, to security breaches and loss of confidential information, to viruses and embarrassing headlines. Attach dollar figures to risks whenever possible.

   Bring the organization’s risks to life by reviewing the findings of the internal IM risk survey and sharing a few real-life e-disaster stories. You’ll find examples of IM and e-mail disasters in this book and regularly in the news.

4. Announce the organization’s new strategic approach to IM. Explain why management is adopting this program:

   • If you are banning IM completely, explain why. Spell out the penalties for scofflaws who defy the policy by downloading personal IM software after the ban goes into effect.

   • If you are installing an enterprise-grade IM system, provide details about its features and capabilities. Be prepared to receive a negative response from some employees when they learn that the new system is strictly for internal use. Discuss the penalties that await tech-savvy renegades who defy the policy and attempt to download personal IM software for external chat after the organization’s new system is installed.

   • If you are using a gateway solution to manage IM use via public networks, explain why and how the technology works. Let employees know that they can continue to use personal IM clients to communicate internally and externally—but the company will now monitor, block, purge, retain, and archive messages in compliance with its IM rules and policies.

5. If your industry is regulated, or if some of your employees perform job functions that are regulated, be sure to review applicable IM content and retention regulations.

6. Distribute printed copies of the organization’s IM rules and policies. Walk employees through each rule and policy, point by point. Encourage questions and discussion. Have experts from your legal, compliance, IT, and HR departments on hand to answer employees’ questions and address company-specific technology and legal questions.

7. Devote considerable time to a discussion of IM content. Make sure employees clearly understand what type of language, tone, text, art, files, and other materials they are—and are not— permitted to transmit via IM.

8. Discuss IM ownership, privacy expectations, copyright concerns, and confidentiality breaches. If your policies include the monitoring of employee IM use, say so. If you are allowing employees to use consumer-grade IM clients, make it clear that these messages are also the property of the organization and may be monitored, too.

9. If you allow personal IM use, explain to employees exactly what type of personal use is acceptable and unacceptable. Let your staff know when personal IM communication is allowed, for how long, and under what circumstances. Remember, clear guidelines are always easier to understand and adhere to. If ‘‘some’’ personal use is allowed, employees and managers will have to interpret where the line is drawn. And you may not be comfortable with their conclusions.

10. It is difficult to manage IM business records long term without a method for consistently and reliably identifying business records. Employee training is essential. If employees don’t understand which messages should be retained, it is likely that important instant messages will be lost or fall into the wrong hands. As part of IM training, be sure to provide employees with a clear definition of an IM business record, and provide step-by-step guidelines for employee participation in the organization’s IM retention and deletion strategy.

11. You can train your employees to adhere to the rules of sending appropriate instant messages that comply with the organization’s policies. But what happens when an employee is on the receiving end of an unsolicited instant message that violates written policy? Don’t leave policy compliance to chance. Use your written rules to instruct employees how to handle such instant messages. Instruct them to:

    • Ask known senders to stop sending offensive instant messages.

    • Block offenders from their IM buddy lists.

    • Report ongoing unsolicited and offensive instant messages or spim to the IT department—particularly if the sender is unknown.

    Explain that replying to banned content (solicited or not) may put the employee in the loop—making an innocent recipient party to the violation and subject to disciplinary action, and even termination.

12. Review penalties thoroughly. Make it clear that IM policy violations will result in disciplinary action, up to and including termination.

13. Ask each employee to sign and date a copy of the IM policy,-acknowledging that the employee has read it, understands it, and agrees to comply with it. Employee acknowledgment will help protect the organization from claims by violators who threaten wrongful termination suits on the grounds that they had no knowledge of the organization’s IM rules and policies.

14. Provide each employee with a signed copy of the policy. Put a master set of written IM rules and policies in the organization’s comprehensive employee handbook. Make electronic copies available via the company’s e-mail or Intranet systems as well.

15. Do not wrap up training until you are certain every employee understands each IM rule and policy, and is clear on what constitutes appropriate and inappropriate use of the organization’s IM system.

    IM Rule # 29: Continuing education is directly linked to successful instant messaging risk management.

^[2]Ibid. See also Nancy Flynn and Randolph Kahn, Esq., E-Mail Rules, New York, AMACOM, 2003.