Addressing New Policy Issues in the Workplace

Jan. 1, 2019

With the start of a new year, it is now a good time for shop owners and managers to review workplace policies and make sure all their employees are aware of these changes. Creating a safe and productive workplace is the goal; so having prepared policies in place is crucial.

With the start of a new year, it is now a good time for shop owners and managers to review workplace policies and make sure all their employees are aware of these changes. Creating a safe and productive workplace is the goal; so having prepared policies in place is crucial. While vacation and sick time, dress code and job duties are likely already clearly spelled out, there are now a few areas that could use some attention.

NOLN spoke with experts to highlight policies every shop should consider addressing in 2019 and beyond.

Anti-Bullying Policies

No one wants to go to work if they feel uncomfortable or bullied, and allowing this type of behavior to exist can create a toxic environment that will hurt productivity — and could even put employees or customers in actual danger. A shop floor needs to be built around teamwork.

Unfortunately today, studies have shown that workplace bullying is on the rise, and almost 75 percent of employees in the American workforce have said they’ve been affected by workplace bullying. Those who haven’t been bullied have witnessed it take place, and that has still impacted how they work.

The Workplace Bullying Institute described workplace bullying as “repeated, health-harming mistreatment of one or more persons (the targets) by one or more perpetrators. It is abusive conduct that is threatening, humiliating or intimidating, or work-interference, i.e. sabotage, which prevents work from getting done.”

Bullying is common in schoolyards, but many bullies continue this behavior into their adult lives.

“Bullies bully for a number of reasons — power, personality, masochism — because they can; no one stops them,” said Beth Plachetka of Safe Harbor Counseling.

A main difference between schoolyard bullying and workplace bullying is that the latter tends to be less physically harmful, yet is more psychological and verbal in nature. It may be subtler than the schoolyard variety, but it is quite distinctive from normal workplace stress.

“All bullying is not the same, except in the effects it has on the targets,” Plachetka said.

“Targets end up feeling ostracized, labeled and helpless to address the situation,” she added. “Bullying is accomplished by innuendo and generalizations that call into question the dignity, personhood and identity of another person. Ironically, the target is often an excellent worker with good social skills and a good work ethic. The challenge for targets is that they tend to believe that all people are acting from the same place and want what’s best.”

Studies have also shown that workplace bullying is not equally split between men and women, as women tend to bully their male coworkers more. It is also not carried out only by supervisors and superiors, but by all coworkers. However, supervisors can help reduce bullying.

“When senior leaders foster a climate of respect, it trickles down, and there is less bullying type of behavior,” said Dr. Teresa Daniel, dean and professor of the Human Resource Leadership program at Sullivan University.

“When employees understand that there are real consequences for certain types of behavior (e.g. bullying, harassment, fighting, etc.), they quickly conform to the expectation that everyone will be treated respectfully and professionally,” Daniel said. “Managers need to quickly intervene and tap down the banter and teasing that often occurs in environments where people work in close physical proximity to one another.”

Bullying often tends to be an issue with younger workers, often because these individuals are already ultra-competitive in their social lives, which include sports, video games and other activities where “trash talking” is socially acceptable. What might seem fine among friends on the basketball court or while playing a video game can become a real issue on the shop floor.

“The idea to trash people we don’t particularly like or with whom we are having conflict is not a new phenomenon, but cellphones, computers and social media make it so much easier to inflict widespread damage through the spread of rumors, outright lies or compromising photos,” Daniels warned. “Generation Z’ers (one generation below millennials/born after 1995) have spent their entire lives on social media, predominantly on Instagram, and many of them have probably shared inappropriate photos or passed along rumors; so, it is familiar territory for them.

“Many work interactions happen outside of regular business hours and in non-office settings; and employees often use the same social media platform for both their work and personal use.”

One way to resolve the bullying — either directly in the shop or via social media — is to educate employees on what bullying is and how to address it. There is no actual legal definition of bullying. However, the Trade Union Congress has stated that, “usually if a person genuinely feels they are being singled out for unfair treatment by a boss or colleague they are probably being bullied.”

As a result, bullying can be hard to define, but it is definitely not a one-off event. It is deliberately intended to dominate and cause distress or fear in the intended victim. It does not happen “by accident,” and it is a deliberate action. Even when the perpetrators may suggest they “meant no harm” when reprimanded, it often involves a planned campaign.

Bullying has no place in the shop. As such, a company needs to have a strategy in place to deal with it. Experts recommend three key points to address bullying in the workplace:

  • Clearly define bullying, as well as the consequences. It is not enough to simply tell employees that bullying won’t be tolerated. Employee handbooks need to include a list of actions that could be considered bullying, which would include threats, blackmail or violence as well as comments that are racial or sexual in nature. Those committing actions that would be considered bullying will face suspensions or possible termination from their positions.
  • Shops should encourage immediate reporting. Employees should know that all actions considered bullying need to be reported as soon as possible after an incident. Failure to do so creates a culture where bullying is considered acceptable behavior.
  • Shop owners and managers should get everything in writing when a claim of bullying is made. Claims of bullying should be handled the same way a claim of sexual harassment would be investigated. This should include written statements from the victim and accused, as well as any from witnesses. Claims that turn out to be true should merit punishment based on the severity of the bullying — with serious actions resulting in suspensions or termination.

“The optimal approach to addressing bullying in the workplace is to develop a culture of respect,” Plachetka said.

“This includes inspiring a questioning attitude when any worker makes negative comments about another or labels another worker,” she said. “Observations about other people should be focused on observable behaviors without judgment. Doing this takes away the necessity of determining if bullying is occurring or not.”

Managers can take a position of power by reminding workers of the culture of respect that requires dignity, inclusion and collaboration.

“When the bully finds that no one will join in, he or she often moves on,” Plachetka said. “Zero tolerance of behaviors outside of the culture of respect is important. Witnesses and bystanders can call out the bully, as well. The fewer people who will listen to the bully, the quicker the bully loses power and interest.”

Evacuation Plans in Case of an Emergency

As recent disasters, including hurricanes in Florida and fires in California, have proven, the right preparation can make the difference between life and death in an emergency. Shops should make sure there is a clear evacuation plan for those unforeseen events.

Most shops may tend to be rather modest in size, at least compared to a corporate office building or factory, but an evacuation policy can still help keep employees safe during an emergency. The Occupational Safety and Health Administration (OSHA) Publication 3088 “How to Plan for Workplace Emergencies and Evacuations” states that employers should have an emergency action plan that includes escape procedures and route assignments; and this should include floor plans, workplace evacuation maps and safe or refuge areas.

Employers can create these evacuation maps or route diagrams with arrows that designate the primary and secondary exit route assignments, and these maps should include locations of exits, assembly points and notably, equipment that may be needed in an emergency. That equipment could include fire extinguishers, first aid kits and spill kits, among others.

Employers should also create an emergency action plan (EAP), which is a written document and is one required by particular OSHA standards. For smaller organizations, the plan does not need to be written and may be communicated orally if there are 10 or fewer employees. However, for shops — especially ones with a lot of technician turnover — this should still be part of the workplace policies.

The EAP must include, but is not limited to:

  • Means of reporting fires and other emergencies
  • Evacuation procedures and emergency escape route assignments
  • Procedures to be followed by employees who remain to carry out critical operations before they evacuate
  • Procedures to account for all employees after an emergency evacuation has been completed
  • Rescue and medical duties for those employees who are to perform them
  • Names or job titles of persons who can be contacted for further information or explanation of duties under the plan

In addition the policies should note exits, which should be: clearly marked and well lit; wide enough to accommodate the number of evacuating personnel; unobstructed and clear of debris at all times; and unlikely to expose evacuating personnel to any additional hazards.

The evacuation plan, along with routes and exits, should be posted prominently for all employees to see.

The primary elements of a good emergency evacuation floor plan should include:

  • Designated primary and secondary exits
  • No emergency exits in restrooms
  • Exit away from rooms with hazardous materials
  • No emergency exits into narrow passages or other dead ends
  • Exit signs indicating the nearest emergency exit
  • Designate a safe primary and secondary assembly area
  • No use of elevators to reach an emergency exit
  • Indicate exits with wheelchair access
  • Indicate the employee’s current location and be oriented to the actual floor arrangement

What to do in Case of a Cyber Attack

Thanks to our reliance on technology that includes computer networks where employee and customer data is stored, inventory is tracked and websites are hosted, all businesses are now “high-tech” in some sense. This is why cyber criminals now target retail as much as actual tech giants to steal data.

The sad fact is, it isn’t so much what a business can do to stop a cyber attack but rather how to handle one after it has occurred. However, whether addressing this issue from the corporate level to a franchisee to an independent shop, the best way to deal with a cyber attack is limiting its chances of occurring.

“You should always update your computer with the newest patches, new anti-virus and anti-malware,” said technology industry analyst Roger Entner of Recon Analytics.

The best thing you can do is to plan in advance, and then tighten up your practices to make some other company the low-hanging fruit for harvest by digital thugs, added Jim Purtilo, associate professor in the Computer Science department at the University of Maryland.

“Sound practices help head off much of the impact in the first place,” Purtilo said. “We should have reliable, up-to-date and off-site backup of important data no matter what. At some level, it doesn’t matter whether a machine is out of commission due to ransomware or a fire, we’re still out of business. New hardware is the easy part — but how are you going to populate it with the information needed to get back to making money?”

In addition, after an attack, whether successful or not, it is important to address it.

“The way to keep the impact limited is communications with corporate IT if you [have that department],” Entner said.

“When an event occurs, make sure you and your employees know an immediate action drill that avoids making things worse,” Purtilo suggested. “It’s tempting to think we can all diagnose and tweak something back into operation, but the reality is that bad guys have practiced on untold thousands of small business owners already. A lot of what they do is seed the internet with diagnostic information that would turn shallow issues into something very deep for you.”

This is very true with a computer, too, and the situation is worse since the web offers as much malicious advice as sound advice. So after an attack, don’t expect an easy fix, even if some guy on YouTube promises that it isn’t a big deal.

Again, this is where preparation can make all the difference. This is also why experts recommend that data is backed up to an offsite location regularly.

“Have backups that go back several months,” Entner said. “Have a backup that is not connected (to the computer network).”

However, just getting the data back up and running is just one part of the issue. Cyber criminals often steal data, and that can include not only personal information on employees, but also client data including credit card numbers. Not all attacks are the same. So how to respond can depend on the type of cyber attack.

“When an incident happens, there are any number of likely next steps for the business, depending on the kind of exploit it was,” Purtilo said. “Ransomware will lock up a machine, demanding payment for it to be unlocked; your decision would be to risk paying versus recovering your systems from protected backup.”

“Never pay,” suggested Entner. “There is no honor among cyber criminals. More often than not, people pay, and they don’t get their data back. Also, even if they get it back it probably has some kind of backdoor in it so that the criminal can come back and make a one-time payment into a criminal subscription business. Be prepared to walk away and rebuild the system from scratch.”

Other attacks can be just as serious. Sometimes data isn’t just locked; it could literally be stolen, leaked or sold!

“A data spill might have just shared your customer information on the outside, and potentially it isn’t immediately visible to you as such; once detected, your decisions would be about how to notify customers of the exposure so they can protect their own interests, which is the responsible thing to do,” Purtilo explained. “Sometimes an exploit will be to just cause damage, from simple digital graffiti to outright destruction of records or hardware; your decisions would be about finding the cost-effective way to restore operations and closing off whatever was the attack vector that allowed it to happen in the first place.”

One thing that no business should do is avoid coming clean about an attack. This can only create a situation that makes matters worse, as the business now has a PR debacle for concealing the attack as well as dealing with the attack itself!

“Notify customers if there is even a remote possibility that they are impacted,” Entner said.

In the end, the best advice for dealing with a cyber attack is to avoid exposing the most sensitive data, and to use some commonsense strategies. The most obvious is keeping the business machine(s) separate from personal use.

“Air gap your critical data when you can,” Purtilo said. “We all slip now and then for innocent reasons, but it only takes one slip to have a problem. There are many other practices that will help direct malicious behavior to someone else’s door instead of yours — choose strong passwords, use multi-factor authentication for accessing your systems when available, keep systems meticulously patched and updated, avoid social media and sketchy sites on the company machines and more. Work it out early, make sure your employees are trained up on them and keep your recovery plans updated so if the worst happens, then you only experience a speed bump, not a crash.”