Is It Time to Renew Your Email Policies?

Email PoliciesAs the year winds down so do some of the projects you have been working on. But as we all know, as those projects come to completion they will be replaced by new ones.

In the spirit of the new year and new year’s resolutions, make this year the one you revamp some of those old email policies that have been lingering around since your organization first installed Exchange 4.0 in the early nineties.

The effectiveness of good policies

To many, having an email policy is nothing more than an item on a security checklist somewhere. We are supposed to have one, we are supposed to make our co-workers sign off that they are aware of it, and that’s the last we speak of it – ever.

However this way of thinking can cause some serious harm to your organization in the event something goes wrong. Not having a realistic, and enforceable, email policy could wind up costing your organization a great deal of money, credibility with those who you do business with and it could wind up costing people their jobs.

Yet instead of focusing on the negative, let’s take a look at what a well-written email policy can do for you:

It promotes professionalism. Many an organization found its name in the headlines because of unprofessional behavior that was expressed via email. Whether the message was sent as a joke or as means to harass another employee is irrelevant, It something happens via email it can be tracked and published. By enforcing professionalism in all emails that are sent, you lessen the risk that your organization will draw public scrutiny because of the bad choices some employees make.

It helps reduce liabilities. To begin with, if IT and management take the email policy seriously then that sentiment will trickle down to the other employees. If people know ahead of time that certain actions are unacceptable most will abide by these rules of behavior. This immediately reduces risk to your organization. However for the person or persons who still insist on doing things outside the boundaries of what is acceptable, a signed and enforceable policy can help shield the organization from some liability if that person causes harm.

Productivity increases. That’s right, an effective email policy could lead to people spending more time on work related tasks because they will spend less time on distracting, non-work related emails and the sites that these messages send them too.

Your infrastructure will be more secure. Finally, if your email policy spells out what employees should do when they suspect that an email they have received is a spam message or a phishing attack your organization will have a leg up on the attacker. Knowing that someone is targeting your organization will allow you to better secure yourself against their attacks.

Creating the policy

Simply searching Google for email policies and copying someone else’s is not the solution you should be investing in. While using other policies as a guide is smart, no two businesses are the same so just taking from the Internet goes directly against best practices.

With that being said, there is no cookie cutter approach you can take to your policy. You, and the team, will have to roll up your sleeves and actually create the policy from scratch. Just make sure that sections you include cover the following basics:

Establish rules and guidelines. These are in place to protect your organization against threats. They should not only tell users what is appropriate and inappropriate but also should govern what can be sent and what cannot be sent via email. You should also include a section on how to report suspicious or inappropriate emails.

Educate users about email etiquette. Explain to them why certain things cannot be sent via email to customers or even each other. Then explain what could happen if they don’t abide by these rules of etiquette.

Inform them regarding monitoring. If you are monitoring emails then you need to let your co-workers know about it.

Finally, make sure that you go over the policies with the people signing it. Simply sending out a memo and attaching your policy to it sends the message that this is not important. Do it right from the beginning and you won’t have to keep doing this every year.

Written by Jeff Orloff

10 Comments

  1. Christopher · December 31, 2013

    It is essential to regular revisit the e-mail policies. In our office we do that every third month. Revisiting doesn’t have to mean new policies are introduced or some are being modified. It’s just a way of helping us keep track–if our policies remain up-to-date as new threats and security options become available quickly. But I don’t really know if this is something the small businesses do. I am not even sure if they have e-mail policies to begin with.

  2. Jenn W · December 31, 2013

    This is all so true. Email policies are important. They’re more than just a bunch of words that you type up to secure emails. In the past months, we’ve heard of some companies suffering the consequences of not having solid email security policies. Some have had to battle things out in court, while some had to endure tarnished images and reputations. Anything can happen if you do not have secure emails. So, at the start of 2014, company heads should find time to sit down with colleagues and employees to openly talk about email etiquette and all things related to email security. Policies should be drawn up accordingly. And these policies should be strictly implemented, with the employees made to understand that taking them for granted might lead to serious consequences. It’s about time that your company steps up into the fight against email pirates!

  3. Ivy · January 30, 2014

    Our company always makes sure that we perform all these IT reviews at the beginning and then end of the year, with a possible assessment in the middle of the year if there are huge changes in the industry or news about any kind of security threat for e-mails. We do this along with the IT department, and if need be, we also hire a consultant to review our policies. These steps have become more essential as we embrace BYOD.

  4. Niel · January 31, 2014

    @Jenn W: I completely agree with you. Formulating an email policy should be a major company activity or task. Some companies even form a committee tasked specifically with coming up with such policies. And it’s not enough that the policies are there…In addition to making sure that the policies are implemented, there should be a regular schedule for evaluating and updating the said policies. Likewise, every employee, regardless of position, should be trained and educated accordingly so that they will know how to adhere to the policies. If these are followed faithfully, your company will have no need to panic when spammers attempt to get into your email system.

  5. Alison Shriver · January 31, 2014

    Anyone who thinks that creating an e-mail policy is easy has never really produced one. It’s really very complicated, and what makes it worse is when you don’t get the support of the higher-ups. I have come across plenty of supervisors and managers who are the first violators of these policies, but you cannot really chastise them since they’re the powers that be. They’re such a pain in the arse.

  6. Shima · February 24, 2014

    I really recommend companies to have an e-mail policy, even if such business is often categorized as “small.” It doesn’t just instill discipline and professionalism to the employees, but it also prevents or reduces threats that can cause a huge financial and administrative loss for the business. One can already find a professional who can help in crafting these e-mail policies, and they don’t have to be in house and thus can be paid only when his services are needed.

  7. Lily · February 26, 2014

    @Jenn W: You are so right! Our company just came out with a revised set of email policies. It seems that the ones we’ve had for so long had some loopholes so that a number of my co-workers almost became victims of phishing and spamming. So our bosses have scheduled some sort of a tutorial session for us so we’ll completely understand the new policies, and so that we’ll be able to practice hands-on what we need to do to keep our emails safe. I think companies should regularly check and evaluate their email policies. This is the best way to determine whether the safety level is a reliable one or not.

  8. Omar · February 26, 2014

    I am an IT head in a fledging company here in Ohio, and I must have to tell you about the huge importance of having an e-mail policy. As the company I’m not with grows, more employees come in. It means web traffic also increases. Through monitoring, I found out that new entrants are usually the ones who do crazier stuff online, especially when it comes to their e-mails, sharing large attachments and hitting Reply All to include even those who should not be part of the conversation. And they love to talk to one another as well! So an e-mail policy keeps them more disciplined and should be created before new employees come in.

  9. Clarence · March 3, 2014

    I know it’s time to update the e-mail policies when I can already find plenty of spam and unethical or wrong use of e-mail in the office. As an HR practitioner, I deem it necessary to ensure that everyone is acting according to the tenets of our business, including how they conduct themselves online, especially with the use of e-mail.

  10. Nona · April 1, 2014

    @Jenn and @Lily: We are in the same experience level! Ours is a start up company, so it took quite some time before our IT people were able to formulate email policies. It’s a good thing, though, that they first met with all of us to find out how much we knew about email security and the perils that hound it. Thus, the email policy booklet they created is something that anybody can understand. Simple but precise; complete. They also made sure to include detailed examples; like situations that can happen and their possible solutions. So far, so good. Things are going great for us.

Leave A Reply