In the spirit of the new year and new year’s resolutions, make this year the one you revamp some of those old email policies that have been lingering around since your organization first installed Exchange 4.0 in the early nineties.
The effectiveness of good policies
To many, having an email policy is nothing more than an item on a security checklist somewhere. We are supposed to have one, we are supposed to make our co-workers sign off that they are aware of it, and that’s the last we speak of it – ever.
However this way of thinking can cause some serious harm to your organization in the event something goes wrong. Not having a realistic, and enforceable, email policy could wind up costing your organization a great deal of money, credibility with those who you do business with and it could wind up costing people their jobs.
Yet instead of focusing on the negative, let’s take a look at what a well-written email policy can do for you:
It promotes professionalism. Many an organization found its name in the headlines because of unprofessional behavior that was expressed via email. Whether the message was sent as a joke or as means to harass another employee is irrelevant, It something happens via email it can be tracked and published. By enforcing professionalism in all emails that are sent, you lessen the risk that your organization will draw public scrutiny because of the bad choices some employees make.
It helps reduce liabilities. To begin with, if IT and management take the email policy seriously then that sentiment will trickle down to the other employees. If people know ahead of time that certain actions are unacceptable most will abide by these rules of behavior. This immediately reduces risk to your organization. However for the person or persons who still insist on doing things outside the boundaries of what is acceptable, a signed and enforceable policy can help shield the organization from some liability if that person causes harm.
Productivity increases. That’s right, an effective email policy could lead to people spending more time on work related tasks because they will spend less time on distracting, non-work related emails and the sites that these messages send them too.
Your infrastructure will be more secure. Finally, if your email policy spells out what employees should do when they suspect that an email they have received is a spam message or a phishing attack your organization will have a leg up on the attacker. Knowing that someone is targeting your organization will allow you to better secure yourself against their attacks.
Creating the policy
Simply searching Google for email policies and copying someone else’s is not the solution you should be investing in. While using other policies as a guide is smart, no two businesses are the same so just taking from the Internet goes directly against best practices.
With that being said, there is no cookie cutter approach you can take to your policy. You, and the team, will have to roll up your sleeves and actually create the policy from scratch. Just make sure that sections you include cover the following basics:
Establish rules and guidelines. These are in place to protect your organization against threats. They should not only tell users what is appropriate and inappropriate but also should govern what can be sent and what cannot be sent via email. You should also include a section on how to report suspicious or inappropriate emails.
Educate users about email etiquette. Explain to them why certain things cannot be sent via email to customers or even each other. Then explain what could happen if they don’t abide by these rules of etiquette.
Inform them regarding monitoring. If you are monitoring emails then you need to let your co-workers know about it.
Finally, make sure that you go over the policies with the people signing it. Simply sending out a memo and attaching your policy to it sends the message that this is not important. Do it right from the beginning and you won’t have to keep doing this every year.