When starting out, many small businesses set up their email using one of the free accounts available to them. Services like Gmail by Google, Hotmail from Microsoft or Yahoo!’s mail service, provide a working email address with almost no maintenance for a business just getting its feet wet.

However this may not be the best way to make a first impression with your potential customers.

Listed below are seven reasons why you need to ditch the yourcompany@freeemail.com and go with an address that better reflects the image you want your company to have.

1. Free email looks less professional

People associate free email services like Gmail or Hotmail as a personal accounts. Businesses, on the other hand, should have an email address that looks more professional. In fact, a study by Visible Logic in Amsterdam found that 70 percent of people view email messages coming from free email services as less professional when used by a business.

2. Free email looks spammy

Over the years, people have been burned so often by spam that they have become very adept at spotting shady looking emails in their inbox. One way to spot an email that may have malicious intent is by looking at the address. If you email address doesn’t look legitimate, your messages may be overlooked by overly cautious recipients.

3. Free email looks cheap

When people receive an email from your company and it has the @freeemail.com trailing it, your company looks cheap. For less than five bucks a month, you can set up an email address with your company’s domain. Sometimes you can even get a few of these for free when you host your company’s website. Customers who see that you are unwilling to spend a few dollars on this are often left to wonder what else your company may be skimping on.

4. You lose credibility when you use free email

A legitimate, professional looking email address tells your customers that you are here to stay.

Not only that, but having multiple email addresses such as: info@yourcompany.com, sales@yourcompany.com or service@yourcompany.com shows others that you are a well structured organization. The impression one gets when there is one, free email as the sole contact is that one person is handling everything for a company. This may scare larger clients away for fear that the company cannot handle their needs.

In today’s business atmosphere, trust is everything. Especially when it comes to online sales. Every little thing your company can do to establish trust and credibility will help your business grow.

5. Free email is less secure

Remember the old saying: there is no such thing as a free lunch? Well that applies to email as well.

True, Google, Yahoo!, Microsoft and the other free email providers do everything they can to make sure that their email services are as secure as possible, but things can slip through the cracks.

To pay for “free” email, users are subject to advertisements. While these help pay for the servers and storage space, they also have been linked to spam and hijacking. There have been several cases where businesses have had bank accounts and other confidential information compromised by cyber criminals who intercept email messages of companies that use free email services.

6. Free email may put you out of compliance

Nowadays, there are regulations and laws that govern so many industries and their record keeping that many large companies have entire legal teams dedicated to just compliance related issues.

But smaller companies are not immune to compliance. Companies of all sizes need to be aware of HIPPA when it comes to healthcare, PCI DSS when dealing with credit cards, and CAN-SPAM Act when it comes to marketing.

Free email likely does not offer you the tools required to be in compliance with any of these, or the many other, laws or regulations for email use.

7. You miss out on marketing your brand

Having your website’s domain name in every email you send out gives you the opportunity to build your company’s brand. Info@yourcompany.com puts your web site address in the minds of your customers. They know where to turn to when they need your services because they are so used to seeing your domain in every communication from you.

7 Reasons to Ditch That Free Email Address

Free ebook download: Top 10 Most Popular Troubleshooting Posts for Email Administrators

Or is it? In a move that will have technology professionals first aghast, and then scratching their head, and finally a little jealous, Thierry Breton, the Chief Executive Office of the French information technology company ATOS has enacted a policy of “zero email”, in essence, banning internal email.

With more than 74,000 employees in 42 countries and 2010 revenues of $11.5 billion, this is not a small statement or a simple change in corporate culture.

Stating that his company’s employees receive on average two hundred emails per day, Thierry estimates that only twenty could be considered useful, thirty-six are considered spam messages, and the rest are so much noise generated internally that could as easily be handled using an Intranet portal, instant message, or phone call. ATOS is increasing its internal use of instant messaging applications, and the use of an internal “Facebook-like” portal.

Breton is no stranger to being a stranger to email. The former French finance minister took over as head of ATOS, and has not sent an email, since he started in November 2008. In a statement announcing the policy in February, Thierry said

“We are producing data on a massive scale that is fast polluting our working environments and also encroaching into our personal lives”. “At [Atos] we are taking action now to reverse this trend, just as organizations took measures to reduce environmental pollution after the industrial revolution”.

ATOS expects that by 2013, more than half of all digital content will come from updates to existing content.

ATOS uses Microsoft Corporation’s Office Communicator for instant messaging, which enables user to user and multi-party instant messaging, video conferencing and application sharing. They also use a wiki type approach to information sharing, easily enabling all users to create or contribute data online to their internal portal.

A statement from ATOS spokesperson Caroline Crouch to ABC News emphasized that this policy is focused on internal emails, and that external email with customers and partners will continue as normal.

Considering the amount of time I personally spend on email every day, and how much of that is “broadcast” type data that could be placed on the intranet home page, I am starting to see a certain appeal to this. Even with the widespread deployment of SharePoint, too many users still look at email as a file transfer system, forwarding Word docs to me even after I put them in a document library and send them a link to view and edit the file within SharePoint. We use Microsoft Lync (the latest version of Office Communicator) and a WordPress theme called P2 for a lot of our internal communications, but they are currently enhancements to, rather than replacements for, email. Certain teams (following IT’s example) are using private Twitter accounts for some team communications and manager-to-team broadcasts, and we’re always looking at other means to improve communications, but we’ve never looked at eliminating email (and, as an email admin, I hope we never do!)

Of course, there are security considerations to take into account, especially when using external services, and we’re also trying to narrow down on platforms to reduce the number of different systems we have to maintain. So far, we have a lot of interest, but no clear direction one way or the other.

ATOS’ new policy does have a certain appeal to it, if you can change the cultural approach to email, and provide enough guidance to uses about when to go to email, or when to go to other technologies for internal communications. I’d envision the following:

• File sharing of any type: SharePoint
• Simple question and answer, informal updates, dialogs that are in near real time but do not require a “paper trail:” Instant Messaging
• Short broadcast type updates: Private Twitter feeds (or SMS)
• Longer broadcast type updates: Blog posts on SharePoint
• Collaborative discussions: WordPress with P2 or SharePoint wiki
• Formal internal communications, more involved questions, private updates: email
• External communications: email

What about you? Do you see any appeal in reducing the volume of email internally? Do you use any other type of communications internally already, like instant messaging, wikis, etc.? What works for you, and what tips can you share with the other readers?

No Email at Work? Inconceivable!

Free ebook download: Top 10 Most Popular Troubleshooting Posts for Email Administrators

Some estimates peg the average amount of time a typical knowledge worker spends on email each business day at three hours. If the typical readers of this blog are anything like me at all, we can probably double that number, and add six or more hours each Saturday and Sunday to that.

Inbox overload can become a serious problem for information workers, whether they are in IT or not. Next time you are in a restaurant with your family, take a look around you to see how many adults are on their smartphones at any point in time (teens texting or checking their FB feeds don’t count). Scary, isn’t it?

To try to combat this trend and buy back a little bit of my day, I have made some changes to the way I work with email. Some of these may work for you too, others may not, but if you get a useful tip from even one of these, then it’s worth the time I took to write this post and for you to read it.

The first ten tips come from http://emailcharter.org/. Let me paraphrase them here, but I want you to check out that link after you are done with this post.

1. Respect Recipients’ Time

Bottom line it for me, and use bullets to call out points.

2. Short or Slow is not Rude

Concise correspondence is a good thing. Email was never designed to be instant. If you need an urgent answer, either tag the subject appropriately, use IM, or call me.

3. Celebrate Clarity

Make your subject clear, change it or start a new email thread if the subject changes, and tag it with things like Urgent, FYI, Action, or Question to let me know how to prioritize messages.

4. Quash Open-Ended Questions

If the answer to a question will spawn more questions, call. If you must include a series of questions, break them out in bullets or numbers to make them easy to see and to answer.

5. Slash Surplus Cc’s

Don’t Cc someone unless they really need to be participants in an email. You can always forward a summary of the thread when there is useful information.

6. Tighten the Thread

Keep an email thread on track, and cut out unnecessary information when you can.

7. Attack Attachments

Ever gotten an email with an attachment that should have been the body of the email? Avoid graphics in signatures too, especially if they are linked.

8. Give these Gifts: EOM NNTR

If your email message can be expressed in half a dozen words, just put it in the subject line, followed by EOM (End of Message). This saves the recipient having to actually open the message. Ending a note with “No need to respond” or NNTR, is a wonderful act of generosity.

9. Cut Contentless Responses

NEVER reply all unless you really need Everyone to see a reply. Don’t reply with a simple “yes” or “I agree” or “boo-yah” unless the sender specifically asked for a reply. Polite conversation says to say “thank you,” or to respond with “you’re welcome” but the same need not apply to email when that is the only thing to convey.

10. Disconnect!

Unless you are on call, or use email alerts for time sensitive things, turn off alerts in your email client, and set up your smartphone to only retrieve email manually. Check when you hit a good stopping point in whatever you are doing instead of letting yourself be interrupted every few moments. Just be sure you let your colleagues know to call you if something is critical.

11. Use fewer sentenc.es

Take a look at http://five.sentenc.es and see if that approach might work for you. By keeping your communications brief, you save yourself and your colleagues time. I’m digging it. There’s also smaller versions if you can be really concise.

By the way, you may be amazed at how much longer your smartphone battery lasts if you set it so it only fetches email when you check, instead of pushing email to you. You might even amaze your family with how much more connected to them you become! I hope you find at least one of these tips useful. I’ll check my email sometime later to see if anyone comments, but I won’t be listening for a new message notification.

11 Tips to help you avoid inbox overload

Free ebook download: Top 10 Most Popular Troubleshooting Posts for Email Administrators

Many email administrators and users alike cringe when they receive email messages with emoticons. Most email etiquette and protocols call for avoiding unnecessary files, images, graphics and HTML. Placing a smiley in the context of your email basically violates all of these best practices and, in the eyes of many, just looks extremely unprofessional.

However research done by a school in Florida may have some of us changing our minds about using smiley faces and winking graphics when we send out emails.

According to Erin Richard, an associate professor of industrial and organizational at Florida Institute of Technology, business emails often lead to miscommunication.

“Businesses are expanding globally, and more and more employees are working from home, so electronic messaging has become critical for conducting business,” Richard said. “The topic is intriguing because we can all relate to the difficulty of communicating our emotions over email. Nonverbal cues that we can depend on with face-to-face communications are not there. All we have are the words, which can often lead to miscommunication.”

Miscommunication, especially via email, can lead to aggression according to Richard’s research. Her and her team found that aggression in the work place is more likely to occur via email than it is in a face-to-face situation, something that can be attributed to non-verbal cues used when communicating in person, or even on the phone.

What makes things more troublesome is that a response to an aggressive email can easily have a snowball effect.

Could Emoticons Be the Answer?

Sarcasm can be an effective way to get a point across in everyday speech. However try as we may, it just doesn’t translate well in emails. The sarcasm is lost and the comment comes across as negative or aggressive. Using emoticons may help relate the emotions that go along with statements made in an email message to curb miscommunication and negative responses.

According to Judith Kallos of Business Email Etiquette, there are appropriate times in which emoticons, or smileys, can be acceptable.

When congratulating a contact on an accomplishment or personal event they have shared with you, a short email response is often considered curt. Adding a smiley to your email reinforces that your happiness for their good news is genuine by providing a visual cue.

When you want to make sure that the recipient of your email doesn’t take your last comment verbatim or too seriously.

When using sarcasm, this is an instance where having a winky-smiley after a comment gives the other side a clue that you are kidding or poking fun. Without the use of an emoticon they may very well take that comment seriously and that is where trouble can easily start to brew.

Using Common Sense Instead of Emoticons

The safest answer to how a company can reduce miscommunication in email messages it to state that employees should be trained on proper email protocols and email etiquette. Training is great but as we have all seen, users easily forget what they are taught.

So emoticons may very well be one solution to helping accurately convey the meaning behind our comments in an email. Businesses who feel that it is appropriate can encourage their use among employees. Unfortunately, not all businesses feel this way, so while using emoticons for inter-office communications may be acceptable practice, sending an email to a supplier or customer with a waving smiley may cost your company credibility - or even future business.

Instead of batting as to which solution is the best approach, it seems that simple common sense is the answer. Simply knowing who you are writing an email to, and what the situation is should dictate how you write, or answer, an email. If you are simply responding to a quick question, a short answer could be completely acceptable. If an email solicits a response that you are unclear about, by all means ask for an explanation to curb any negative feelings.

And if the situation calls for a great deal of emotion on the part of either party, maybe you should question whether or not email is the best way to convey this particular message.

Email Communication Emotions

Free ebook download: Top 10 Most Popular Troubleshooting Posts for Email Administrators

Advanced persistent threats make email security a necessity

Most email administrators consider security to be a large part of what they do. With so many laws and regulations governing the storage, discovery and retrieval of email messages, security has become a second job to many.

Unfortunately, many administrators either forget, or simply aren’t aware, that securing email requires much more effort than hardening the email servers against attack. In order to fully protect your organization’s email and their contents the mailbox also needs to be defended. Especially when you consider how popular Advanced Persistent Threats are becoming with large cyber crime syndicates who use email not only as a way to harvest sensitive information, but also as a method of attack through phishing and social engineering.

By implementing the following tips into your security plan you can help protect against these, and the many other threats that your organization may face:

Create email policies to regulate the communication of confidential information

Email communication has become second nature in the workplace. It is quick, easy and it gives us a record of our conversation so we can refer back to any information at a later date. However, if the conversation contains sensitive information like login credentials, financials, personal information, and the like, then it can be extremely valuable to anyone who may harvest those emails.

By simply setting up, and enforcing, policies that restrict certain information from being sent via email you can mitigate the damage done if emails are exposed. At the very least, your policy should state that user logins and passwords (and/or PINs) not be communicated via email.

Teach users to encrypt their messages

One of the best analogies I have seen to describe the need for encrypting emails is one that compares email to a postcard. Basically, anyone who comes across it can read the contents if they want. This can be stopped by encrypting emails to prevent eavesdropping.

Encryption is a hard thing for many people. It requires additional steps, training and, in some cases, third-party software (such as PGP) yet it is really the only way to keep your messages private in transit.

Encryption shouldn’t be limited to sending and receiving messages alone. Any email that is stored on a hard drive (think personal folders), a network drive, backup servers or archive systems should also be protected from any prying eyes.

Get rid of old email

A long time ago, storage space was a precious resource. Nowadays inboxes can be easily scaled to hold enormous amounts of data. Unfortunately that provides a greater possibility that an attacker will find something valuable.

Email should be moved, or deleted, when their life cycle is up. Make sure to check with any regulations regarding discovery and archiving before getting rid of the old stuff, but if you combine this with encryption you will be taking great strides to protect older emails.

Practice good network security habits

Make sure that desktops are continually scanned for malware that could possibly expose email login credentials, filter Internet content to protect against malicious websites, understand how to properly use a firewall and update server and client software as needed.

In addition to the employing technology to help secure your email systems you should also consider human factors as well. One of the ways that people first discover that their systems have been compromised is by noticing an anomaly. Be on the lookout for log-ins that just don’t seem right whether it be the IP address, the time of day or even the length of time.

This can be one of the most tedious tasks to undertake when it comes to security but it is by far the most important.

Put the right solutions in place

In many small and medium-sized enterprises, the email administrator alone cannot be as vigilant as he or she would like. Even in organizations where there is team of professionals dedicated to security use necessary security tools to help them do their jobs. Smaller companies need to understand this as well.

By employing technologies that help manage email, backup and recovery, archiving and security, you are plugging the little holes that provide that chink in the armor most attackers are looking for.

No one said that email security is going to be an easy task, but it is one that cannot be ignored just because it’s too hard or it costs too much.

Tips for Better Email Security

Free ebook download: Top 10 Most Popular Troubleshooting Posts for Email Administrators

In just one week Google, the International Monetary Fund and Citigroup have all made headlines as a result of email associated with them being under attack. The reason we continue to see companies make the news as a result of email attacks is that email security is sometimes ignored when it comes to training users properly and making good decisions. In some cases, having the latest and greatest when it comes to security tools even creates a false sense of security that causes us, and our users, to overlook the little things. A multi-layered defense that has been properly configured with all the best technology can be rendered useless if the little things are forgotten.

This list displays some of the most common mistakes that are made when it comes to email security and a brief description of what you can do to prevent them.

Leaky emails

There are many times when sensitive information is passed along via email. If everything is encrypted properly you, and your users, often assume that it will only be seen by the appropriate people. Unfortunately this isn’t always the case. Too many times a recipient may answer an email with sensitive information and hit the reply all button without checking to see who will be receiving the email.

The fix: Put a policy in place that addresses sensitive emails and reply to emails. However a policy alone isn’t enough. Make users aware of the policy through training and keep a record that all users were trained/informed of the policy and repercussions of not adhering to it.

Trusting others

When we receive emails from family, friends and business colleagues we often blindly open them without much concern. Especially if they are contacts we communicate with on a regular basis. However malware can easily be spread through emails by attachment or embedded code and links.

The fix: HTML in emails should be blocked if this is a concern, as should the ability for your users to receive attachments that are scripts or executable files.

Passwords that are easy to guess

Remember when Sarah Palin’s personal email account was breached? It was because her password was easy to guess using information the attacker found on her Wikipedia page. Companies often list information on corporate sites that provide attackers enough information to guess passwords as well.

The fix: Enforce strong passwords or password phrases for all users. Also, make sure that people don’t give up information that may be used to guess their passwords when providing bios.

Ignoring malware protection on the desktop

While scanning all emails for malware needs to be done, the desktop should not be ignored. And all too often it is. Malware definitions are outdated, software is not configured to run properly or protection is completely left to the user.

Even if you have a policy that enforces strong passwords, a keystroke logger can easily give up even the most complex password combination.

The fix: Email administrators should work closely with IT security to make sure that the desktop and network security isn’t lax so passwords are tougher to expose.

Failing to check on backups

Some companies and industries are required, by law, to back up and archive emails for a set period of time. Others are not required to do so. Regardless of the laws, every person and company should be in the practice of backing up emails. Emails often provide important records and information that could be lost.

But what happens if you need to restore your emails and find that something went wrong? Maybe the backup was incorrectly configured or the backup location was insecure. In any event, the inability to restore emails from a backup can render the entire solution useless.

The fix: Frequently test the ability of your backup solution, and staff, to restore emails.

These five tips may seem basic and simple. But that is the point. Working in IT we often gravitate towards the more complex issues and ignore simple techniques and solutions until it is too late. By taking the time to do the little things when it comes to security, we build an even stronger foundation for all the bells, whistles and technologies that really impress us and our bosses.

5 Simple Mistakes When it Comes to Email Security

Free ebook download: Top 10 Most Popular Troubleshooting Posts for Email Administrators

Developments in cloud based computing have shown quite a bit of excitement and promise, especially when it comes to small to medium sized businesses. Those who evangelize the cloud will often cite the many benefits of moving to a cloud based email service. The litany of favorable reasons to examine moving email services off site that are oft quoted fall into line with the reasons used to move to any new technology:

• Ease of scalability
• Ease of software updates
• Email access anywhere
• Better disaster recovery
• Ease of implementation
• And of course, reduced costs

So when a vendor, or even someone in your own organization, throw these at management looking to save money and increase productivity then it seems like the question moves from why should we move to the cloud? to why has it taken us so long to move our email to the cloud?

Is it really that easy?

Cloud based email services make a whole lot of sense for many organizations. By doing a bit of research, you are certain to find at least one case study on how moving your email to the cloud helped someone in your specific industry. Yet even with good reasons and plenty of research to support this decision, nothing should be done without considering every angle because over the years if we have learned one thing, when it comes to IT nothing is risk-free.

So what does an interested SMB need to consider when all the arrows point to moving to the cloud? Let’s take a look.

1. Control

When your email resides on servers that are housed at your location, you are responsible for configuring the software, maintaining the hardware, updating and patching the server(s), cooling the room, etc. But you also have complete control over your email and backups. Moving to the cloud means you are giving up control and possibly ownership. This lack of control can lead to real world problems. For instance, if your organization has a one year deletion policy, is your cloud provider able to adhere to that? Conversely, if you have a no delete policy can this be achieved as well?

A rarer occurrence, but one that has much harsher repercussions is the event that an investigation needs to take place. Will emails be available for forensics when needed? If so, will there be any issues with the chain of custody and proving that the investigation was tamper proof?

2. Availability

Unless you have been living under a rock you are well aware of the attacks against Gmail over the recent months. The decision to move email services to a cloud provider should always be based on how well the provider can ensure that mail servers will deliver an acceptable percentage of uptime. Of course it’s one thing to say that you guarantee 99.9999 percent uptime and quite another to deliver so when a cloud provider makes a claim regarding availability, make sure your IT team speaks with the sales engineers, not just the salesperson, to see what exactly is in place to eliminate things like interruptions and denial of service attacks.

3. Security and Spam Protection

One of the biggest draws to the cloud for email is the fact that the provider will take care of security and anti-spam. Again, this is something that you are entrusting to the provider and giving up control over. If you are unhappy with the amount of spam that gets by the filters, or if the false positive rate is higher than an acceptable rate you can’t simply switch to a different solution.

This should be at the forefront of any discussions you have with potential email service providers. Find out what solutions they have in place and research them just as if you were buying the protection for your own servers.

4. Cost

Of course cost is always the number one reason SMBs look to the cloud. It is hard to find anyone who will say that a cloud based solution isn’t less expensive in the long run than running, securing and maintaining your own email servers. However the numbers may not always equal the level of service you expect. Costs may not always be transparent. A cloud provider may charge extra for business grade anti-spam protection. Perimeter security or virus scanning may also require additional costs. Finally, storage is never a one size fits all solution so this will always present itself as a variable.

The cloud is definitely a solution worth looking into for a number of reasons, however as a smart business move it would be equally prudent to look at all of the considerations as well prior to signing any type of contract.

4 Considerations for Cloud Based Email

Free ebook download: Top 10 Most Popular Troubleshooting Posts for Email Administrators

Online communication has long been the scapegoat for a lack of personal communication skills that is seemingly growing in business and society. Pat Stonehouse, a business etiquette expert with Advancing with Style, established March as National E-mail Etiquette month to help boost proper use of e-mail when it comes to business communications.

“E-mail has changed how we communicate in business, and has become the predominant language of corporate culture. It comes with its own set of rules called ‘netiquette’”, reads Stonehouse’s website.

And the statistics back up his claims since 90 percent of all business interaction nowadays is done via email. One mistake in protocol can really have a devastating effect on how you are viewed by co-workers, employers, and clients. Repeat this mistake 90 percent of the time and productivity is certain to suffer.

To help people in your office communicate more effectively and professionally, teach them some of the basic “rules” of email etiquette.

1. Reply promptly. Most companies encourage their employees to respond to e-mails within 24 hours. Not only does this protocol give value to your recipients, but it helps prevent important e-mails from getting buried underneath 107 trillion e-mail messages that are sent every year. When people respond to e-mails more quickly it also helps encourage them to clean out their inbox.
2. Keep it short. E-mail clients are not word processors. If you want to write a novel, use Microsoft Word or OpenOffice.org’s Writer. E-mail’s purpose is short, concise communication. When e-mails are too long, the reader often misses essential points that you are trying to communicate.
3. Format your messages correctly. Use a proper salutation, close the email message properly and be sure to include a signature. As mail administrators, teaching users how to create and change their signatures is often a frustrating experience. Consider recording a video for them to watch that details every step of this process to make your life easier.
4. Spell check everything. Every e-mail client has a robust spell checker. Users need to make sure that every business related e-mail they send out is run through this. Misspelled words not only look unprofessional but they make clients question how much effort is put into your work.
5. Reread your e-mail, and then reread it again. By now we all know that spell checkers don’t catch using words the wrong way. It’s and its, there and their, know and no, etc.  Using a word improperly is just as bad as spelling a word wrong, but that is not all that you should be checking for. Read over your e-mails and check the content and tone of your writing. People can’t read body language through e-mails so they may not be able to interpret humor or sarcasm so it is best to avoid anything that reads as such.
6. Leave out the emoticons. There is no place for smileys and such in a business email. Emoticons not only look unprofessional, but many people don’t even know what they mean. The same holds true for abbreviations that are used in text and instant messaging. While you are at it, make sure to have your co-workers forget the animated gifs in their subject lines as well.
7. Use a meaningful subject line. 35% of recipients open e-mail based on the subject line alone. If you want your e-mails to be read, and responded to, then descriptive, meaningful subject lines are the best protocol to follow. Encourage this practice with your co-workers.
8. Avoid the inappropriate. Many companies have policies in place that prohibit sending chain letters, pornography, jokes, and other inappropriate items through company e-mail. Yet it still happens. Stress to people that sending these types of e-mails is not only unprofessional but it wastes peoples’ time and it fills inboxes with unnecessary junk.
9. Know how to reply. When you respond to an e-mail you have the option to reply or reply to all. Many users don’t know which one to use. Stress that reply to all should only be used when everyone on the recipient list needs to see the response; otherwise they should just use the reply button.
10. Attachments should be used appropriately. When users send an attachment they should identify what program it was created in and what should be used to open it. When receiving an attachment, recipients should also ask permission of the originator before forwarding it on.

Most importantly, however, you should stress to your co-workers that e-mail is not private and it never should be sent with any expectation of privacy.

10 Things We Can Learn From Email Etiquette Month

Free ebook download: Top 10 Most Popular Troubleshooting Posts for Email Administrators

With so many businesses still trying to figure out how to leverage social media in the workplace, email continues to be the primary method of communication among employees. Whether they are communicating with co-workers, managers, customers or distributors email still reigns supreme. In fact, 94 percent of all American Internet users send or read email every day according to the Pew Research Center. In the workplace it is estimated that workers spend 41 percent of their day handling email according to the Radicati Group.

While email is still a primary means of communication among people in the workplace, many businesses fail to put in place a policy that governs how employees use email while they are on the clock. Business owners or IT managers tend to overlook laws and regulations that dictate how email should be used and stored. In small-medium sized businesses there is less of a perceived need for a email policy because employers sometimes don’t see the need to regulate things such as email and Internet use. Unfortunately this can land them in legal trouble.

Current laws state that employers can be held legally liable for the content of email sent from computers owned by the company. Furthermore, failing to retain emails sent by employees can also put businesses out of compliance for Sarbanes-Oxley and other regulations.

To protect your business from legal troubles you can either abolish email altogether, or govern how your employees use this tool in the workplace with a documented policy on email usage.

Since the latter is much more practical, let’s look at five things that your email policy needs to address:

1. Personal use of the email system. Some businesses allow employees to use company email for personal communication. Some strictly forbid it. Others take a hybrid approach, allowing personal use to take place during non-work hours granted the emails sent and received abide by other policies. Whichever route you take, make sure that it is clearly spelled out in your policy in a way that cannot be misconstrued.
2. Rules governing what can and cannot be sent over the company email system. Email can be used to share files, multimedia, pictures, etc. While any IT department would most certainly want to keep large attachments to a minimum to conserve bandwidth and storage space, this usually isn’t what causes most of the problems. Obviously it is necessary for your email policy should explain what is inappropriate to send using the company email system. Make sure to cover the distribution of any offensive, or disruptive messages, including messages containing offensive comments about race, gender, age, sexual orientation, pornography, religious or political beliefs, national origin or disability.
3. Email retention policies. If your company is required to comply with Sarbanes-Oxley then you have an obligation to make sure that records, including emails, are retained for a certain period of time. You also have an obligation to inform employees that emails will be archived and how long they will be retained for. Even if you are not required by law, keeping an archive of emails can help your company fight a lawsuit or investigate issues dealing with employees. Make sure this is a part of your email policy and follow up with your IT staff with a records audit from time to time.
4. Email monitoring. As the owner of your email system you have the right to monitor employee email messages at any time but you do need to inform your employees of this. Explain to them that any messages sent, or received, using company equipment are subject to being viewed even if the employee considers them to be of personal nature.  Having this policy in place protects you should a situation ever arise where you need to monitor an employee’s email and it helps curb inappropriate use of the email system but it is rather sensitive so you should check with your company’s lawyer on how to word this properly.
5. Best practices for email usage. You should also use this section to explain expectations for email protocol when it comes to writing and addressing messages. An email sent out can be the first impression a potential client or partner gets of your company and you want it to look professional. For example, some basic email etiquette rules include not writing emails in all capitals, enabling spell checking, including a signature that conforms to your company format, using proper grammar and punctuation.

Once you have drafted your email policy it is important to understand that if a policy is put in place but then not enforced cannot be later relied upon to discipline an employee who violates the policy. So while creating a reasonable email policy is important, enforcing it is necessary as well. Don’t put anything in writing that you do not plan on enforcing later.

5 Things Your Email Policy Needs to Have

Free ebook download: Top 10 Most Popular Troubleshooting Posts for Email Administrators

In my previous post, “13 Policies for Securing Your Email – Part 1 of 2”, I enumerated the following seven of thirteen policies for securing email exchanges. There are many more actions which administrators and organizations can incorporate in their email policies and procedures that I will discuss in future posts.

1. Do not immediately open attachments.
2. Create tiered email architecture.
3. Add automatic filtering mechanisms.
4. Instruct your end users what email message links and icons not to open.
5. Keep your anti-virus software up to date.
6. Proper secure email procedures should include disabling the opening of additional browser windows from being opened upon the clicking of links within email messages.
7. From the end user perspective, whenever outgoing email has been marked by them as confidential then encryption techniques should be employed to ensure that the email messages cannot be changed or read by third parties.

   Here then are the remaining six of thirteen actions worthy of any organization’s secure email policies and procedures.
   

8. Employees should be reminded periodically that their organization’s email addresses are to be used for the purpose of conducting business. All other communications outside of normal business transactions should be conducted using the employee’s personal email address. In the early days of the Web some companies used to publish the internal email addresses of their employees. By doing so they opened themselves up to the many bots and web crawlers of the internet that would harvest email addresses for use as the receivers of spam and more harmful email attacks such as phishing.
9. Many corporate websites allow for customers to contact the company and even specific departments such as service and support via email. But in conjunction with not displaying employees’ email addresses on various web pages so should your company’s web administrator be instructed not to display employees’ email addresses on web pages used for service and support. Instead the service and support web pages should simply use a generic company email address such as support@somecompany.com or service@somecompany.com. Then a moderator email account should be set up within the company’s email servers as a recipient email address for incoming mail from company websites.
10. If your company or organization mandates that some internal email addresses be exposed to the outside world on the company’s website then make the email addresses unrecognizable by spambots. Spambots are applications that roam the web looking for email addresses to add to their inventory which are later sold to marketing departments or other special interest groups. Because spambots look for addresses containing the “@” symbol you should disguise your exposed email addresses so that anyone reading the web page can understand the email address but yet not leave it recognizable by a spambot. Such an email address might look something like john-dot-lastname-@-somecompany-dot-com. Your readers will understand the nomenclature and respect why you need to disguise your internal email addresses.
11. Another idea to help protect your internal email addresses is to set up a tiered email system such that the first tier of email addresses encountered by spambots and hackers consist of email addresses used by an outside server. Those email addresses can be set up with alias email addresses so as to hide the real email addresses from outside third parties.
12. Even after a company has taken the trouble and time to set up obstacles to spam and other unwanted emails there are still email sources that manage to get their emails past your roadblocks and begin to progress through your internal organization. And with those emails there are sometimes links which read,”… If you believe you have received this email in error or no longer wish to receive emails from us please click the following link…” which usually will be a “unsubscribe” link. Many times employees will be tempted to click on the link thinking that they’ve just been taken off of some sender’s email list of contacts. Unfortunately they may find themselves receiving more emails from the same source but with different email addresses than the original sender. It is a much better practice for your employees to simply mark the original unwanted email as “spam” and then let your email system take care of future incoming emails from that domain.
13. To minimize the risks of phishing, spamming and other email attacks from occurring in their organization administrators can take the initiative by configuring their clients to only support plain-text email formats. This can remove the possibility of incoming emails that contain harmful links for users to click on, which would ordinarily cause trouble for the end users, the administrators and their organization.

Finally, remember that there is no true privacy. Periodically remind your end users to be cautious of all email they receive even after following your organization’s secure email policies.

13 Policies for Securing Your Email – Part 2 of 2

Free ebook download: Top 10 Most Popular Troubleshooting Posts for Email Administrators

Your organization sends and receives email messages every day and sometimes those incoming messages are like malevolent organisms looking to attack or infect your computer systems.

Administrators can help to mitigate the adverse impacts of unsecured email by implementing secure email policies that are mandated and continually emphasized within their organizations. Getting end users to consistently follow email policies is more than half the battle when it comes to not becoming the next organizational victim of virulent email messages.

Here then are seven of thirteen policies worthy of any organization’s secure email policies and procedures.

1. Do not immediately open attachments. Employees should be reminded to verify the sender of the email message as a person of trust. There are many times during the day when I am busy with work and I get a phone call. I do not immediately open my cell phone until after I’ve recognized the caller’s identity as saved within my cell phone records. If it is an unknown caller then I simply let ring and then go to voice mail. Later I can then listen to the voice mail message – if one is left – and then return the phone call. Likewise, your end user community should receive similar instructions for how and when to open up email attachments. They should first confirm the sender of the email message as a person that they recognize.
2. Create tiered email architecture. Your end users should have three or four email sections within their inbox. A first tier of email messages can consist of all incoming email that has been cross-checked with the end users’ contact list. This will ensure a level of confidence in the origins and trustworthiness of the sender. Of course, the use of an authentication mechanism could also be incorporated to add a higher degree of trust. Second and third tiers might consist of email whose addresses were neither on the recipient’s contact list and/or cannot be authenticated.
   
3. Add automatic filtering mechanisms. Encourage your end users to make use of email aliases as a means for filtering email messages based on predefined relationships such as: personally known sender addresses, first-time communications with an entity or organization and then also an email alias used for inquiries or other communications not requiring fully identifiable email addresses. These methods could be used to minimize the many unnecessary email responses – and many times spam email messages – that users receive by allowing them simply “select all” and then hit “delete” for that subset of email messages sent to a particular alias.
4. Instruct your end users what email message links and icons not to open. Many times hackers will send spam via email that includes embedded icons or graphic files such as GIFs or JPEG files that when opened can unleash spambots that attack your systems by consuming their resources and thus clogging up the processing of more important business matters. Some spambots are there to interrogate your systems to search for and collect personal information about your end users or more vital business information all of which can be abused to hinder your normal business processes. The personal information of your end users could be harvested and sent to marketers. And of course there is always the threat of viruses.
5. Keep your anti-virus software up to date. Schedule regular checkpoints with your anti-virus software vendor of choice and verify that your company has the latest updates. Look for additional protection against phishing, spam, browser exploits, instant messaging and file sharing protection.
6. Proper secure email procedures should include disabling the opening of additional browser windows from being opened upon the clicking of links within email messages. Your system wide email clients should support the disabling of new window pop-ups.
7. And from the perspective of your end users whenever outgoing email has been marked by them as confidential then encryption techniques should be employed to ensure that the email messages cannot be changed or read by third parties.  Email messages that have been encrypted and compressed cannot be altered in any way. The sender is guaranteed with a more than reasonable amount of certainty that only the recipient can open and read the contents of the original email message.

Finally, remember that there is no true privacy. Periodically remind your end users to be cautious of all email they receive even after following your organization’s secure email policies.

In the follow-on post I will discuss the second half – six policies – of this two part discussion.

13 Policies for Securing Your Email – Part 1 of 2

Free ebook download: Top 10 Most Popular Troubleshooting Posts for Email Administrators

Email retention is a very important component in every company’s day to day business practices. The reasons are many: legal requirements, efficient use of storage, privacy of corporate email messages and others.

Policies and best practices should be clearly stated in every company’s IT department for how best to archive the multitude of emails that accumulate each day.

Here are some of the best practices and considerations for email archival.

1. Indexing and searching capability should be features of all email archival systems. Companies need to be able to respond quickly to requests for old emails particularly when those requests are coming from legal entities outside of the company. Months and months of email messages can quickly become millions of archived messages. IT departments will need to be able to respond to information requests in the least amount of time possible so as to meet any legal requirements necessary. Having a fully indexed archival message system will support the retrieval of any documents or email messages in a short period of time. In addition, being able to respond to requests for archived emails can help to meet discovery or subpoena requests in a timely manner.
2. Audit trails should be another component of any good email archival system. Companies need to secure and track their archived emails to meet the regulations of the various governing bodies such as the SEC (Securities and Exchange Commission) that can request specific emails from them. Audit trails can also be used to prove compliance with reporting regulations such as the Sarbanes-Oxley Act.
3. Complete email integrity needs to be maintained so as to meet the rules of evidentiary standards. Email integrity can be maintained by use of electronic signatures and time stamps of each email that is archived, redundancy of archival systems to provide continuous access to archived emails and encryption of email messages to protect against tampering of original data.
4. Virus scanning of all email messages prior to archival should be an additional step in the archival process so as to ensure not only the integrity of archived email messages but also the protection of email system at the time of retrieval of email messages from the archive system.
5. Support of multiple email systems and protocols is another feature that can help to reduce the number of archive systems that are needed within a corporation. Some of the more widely used email systems that ought to be included in an email archive system include: Microsoft Exchange, Lotus Notes, Novell Groupwise, First Class, standard POP3, SMTP and Imap protocols.
6. Administrators should coordinate with their in-house legal department and with the department managers of the various business units that the IT organization is responsible for supporting. Those department managers may have additional requirements for email archiving of their employees emails based on their applications used and types of businesses they engage in. And legal departments can also provide guidance in the necessary archival rules and regulations which the company as a whole must comply with.
7. Know what time periods are required by specific regulations when determining how long to keep email messages in the archives. Some companies do not routinely rotate their archived email messages out to the bit bucket and as expected continue to drive up their storage and administrative costs unnecessarily. The more email messages that are stored then the more indexes are required and longer search times than are necessary will occur.
8. Designate someone within the IT organization who is the interface to the legal department. In smaller organizations the legal department will most likely be an outside law firm. Schedule regular quarterly reviews of the laws and regulations specific to your industry that have mandates related to email retention requirements. Some of these compliance laws, regulations, and standards that can impact how email is retained include: the Federal E-Discovery Rules; the Health Insurance Portability and Accountability Act (HIPAA); the Gramm-Leach-Bliley Act (GLBA); the Sarbanes-Oxley Act (SOX); the PCI Data Security Standard; the Federal Information Security Management Act (FISMA); the EU Data Protection Directive 95/46/EC; the Basel II Accord and others.
9. Although not considered email, instant messages should also be included as electronic items that can be stored in an email archival system. Within the course of daily activities business communication emails that are received can sometimes start off as instant messages that have been converted into email when the sender was no longer able to communicate with the recipient.
10. The implementation and execution of a good email archival system can save a company much valuable time and money when all contingencies have been taken into account and the planning has been done well.

10 Email Archival Best Practices and Considerations

Free ebook download: Top 10 Most Popular Troubleshooting Posts for Email Administrators

There’s a bank clerk in Wyoming who is in deep trouble with the boss. According to news reports, an employee of a bank in Wyoming sent an email that contained customer data to the wrong recipient’s Gmail account. The employee of Rocky Mountain Bank made two critical errors: First, they sent it to the wrong address, and second, they attached a file with sensitive information that should not have been attached.

According to news reports, the employee, realizing they had sent it to the wrong address, tried to “recall” it after sending it. Huh?? How long has this employee been using email? Just about anybody that isn’t living in a cave knows that you can’t recall an email once you’ve sent it out. That’s why standard procedure should include at least a quick once-over of the contents and recipient list before hitting the “send” button.

The attachment that was sent contained customer information, including social security numbers and loan data.

Then apparently the employee sent another email to the person that had incorrectly been sent the information, asking them to delete it without opening or reading it, and also asked the person to contact the employee. Again, huh??

First of all, if I get an email from a bank with an attachment and I’m not expecting it (which I’m usually not), I will simply delete it without looking at it, thinking it to be spam, which it usually is. Chances are, the recipient did the same. And if I get an email with a bank address asking me to make contact, again, no dice. Not gonna do it. On the off chance that the recipient even saw the emails, they were well within their rights to ignore the request.

However, the bank didn’t see it that way, and now they’re suing Google to try to get them to identify the recipient. Google said no dice to the bank, and again, Google is well within their rights to refuse without a court order, and bravo for Google for not providing the information.

And to make it even worse, the bank asked the court to seal the case so customers wouldn’t learn about the breach. In most states, banks and financial institutions are legally obligated to notify customers about such breaches, and the courts quite appropriately refused to seal the case.

Bank learns its lesson, you can’t recall email

Free ebook download: Top 10 Most Popular Troubleshooting Posts for Email Administrators

Viral emails get circulated around offices and places of businesses far too easily. It happens all the time, and is an enormous waste of time and a danger to company productivity and morale. What happens is that some employee receives a viral email that propagates some untrue rumor or urban myth, but which nonetheless evokes a strong reaction. Said employee says to himself or herself, “Why, everybody needs to know about this outrage!” And so they click “send all” and everyone in the company gets it. Pretty soon, everybody in the company is outraged about the rumor–the fact that it’s not true is besides the point–and productivity suffers. I get these all the time–but the only outrage is that the content contained in them is incorrect and usually designed just to rile people up.

These emails pop up all the time, usually propagating some sort of misinformation surrounding a minority group, immigrants, or government policy. In almost every case, the facts are completely false, but they deal in subjects that are sure to get a response.

Of course, these have no place in the office, and the administrator would be justified in appending the use policy to prohibit distribution of these emails. Of course, besides wasting time and getting people angry over false information, they just contribute to the ever-widening sea of useless email that clogs up all of our email servers, since the typical response is to say, “Oh, this is terrible, I have to send this to everybody in my mailbox right now!” The viral emails that perpetrate these and other rumors are a waste of time and a danger to society–any company use policy needs to prohibit propagating viral “rumor” and urban myth emails.

“I read it on the Internet so it must be true…”

Free ebook download: Top 10 Most Popular Troubleshooting Posts for Email Administrators

If your company is having problems with employees and their email usage it might not be the employee’s fault. When was the last time your employees reviewed the company’s email policies? If you can’t answer that question then it means that there is a problem with communication.

It should be standard practice that all employees are required to sign a document upon acceptance of employment that they will abide by the rules and policies regarding email usage whilst employed at the company. It should also be mandatory that employees review and sign the agreement each year or every six months whilst employed.

This brings up the question of what exactly should go into an acceptable Email Usage Policy.

You need to be clear that the ownership of email accounts belong to the company. The employees are users who have been supplied or provisioned with email accounts to facilitate their jobs. This means that they have no privacy nor should they expect privacy since they are using a company’s email servers. This also means that the company has the right to review all emails that it receives. The company can also block or reject emails based on origin, content, usage or any other criteria. It should also be noted that email access can be limited or restricted by the company.

Specify that email usage should also comply with any and all laws including but not limited to: city, county, state and federal. It is important that employees understand that the company itself has to comply with legal and regulatory agencies as well. Therefore, email users, by virtue of being employees of the company, must comply also.

It doesn’t hurt to also include expectations that the company has of employees in terms of the ethical nature of their emails. Most all companies have a mission statement that includes comments about the values of the company. An email usage policy should reflect those values.

And just as a company car is used to conduct official business and is not for personal use so it should also be noted that company email is to be used only for official company business and not personal use.

Make certain that employees understand that they are not to distribute their email and they are expected to protect their email accounts including passwords and usernames. They are responsible and accountable for all email use and misuse of their email accounts even if access permission has been given to a non-employee.

Be diligent in the enforcement and distribution of your company email usage policies. Review your company-wide policy once a year and make changes when needed so as not to fall behind as new communication devices are introduced into the workplace each year.

Why should you have an Email Usage Policy?

Free ebook download: Top 10 Most Popular Troubleshooting Posts for Email Administrators

The devastatingly high rate of unemployment, not just in the US but all over the world, can cause problems not just for the unemployed themselves, but also for the IT departments of the companies that laid them off.

Even when the economy was booming, I always advocated a clean break when letting somebody go. It may seem a little heartless, but the standard protocol is to de-activate their passwords and computer access first, and then lower the boom at the end of the day. A disgruntled employee can be very dangerous to a company, and I have first-hand experience seeing one such employee take down a very large San Francisco-based firm I used to work with. Leaving employees with computer access, even for a few minutes after the axe falls, is just too risky. With computer access, the employee can too easily email out sensitive information minutes before walking away. And besides outright theft of information, if the employee continues to have company email until IT gets around to cutting it off, it’s all too easy to pretend that one is still employed with the company, and send out potentially damaging emails to clients.

A recent blog entry on ITSecurity.com reminded me of this, citing a survey on deleting accounts from laid-off employees. According to the survey, 30 percent of respondents had no policy in place to find orphaned accounts, and 30 percent said it takes more than three days to terminate an account after an employee leaves the company.

Take care to clean up orphaned email accounts

Free ebook download: Top 10 Most Popular Troubleshooting Posts for Email Administrators

The State Government Watch blog has an interesting article on how the former head of Hawaii’s Tourism Authority netted a hefty “resignation payment” after he was caught in an ugly email scandal:

The embattled former chief executive of the Hawaii Tourism Authority, Rex Johnson, will receive nearly $300,000, including unused vacation pay, as part of an agreement with the state agency. The tourism agency, which faces significant challenges ahead in guiding Hawaii’s bread-and-butter industry through its most turbulent time, agreed to a resignation payment of $208,181 based on Johnson’s initial annual salary of $240,000 through August 2009. Johnson’s vacation pay, also based on his $115 hourly rate, amounted to $83,304, bringing the total resignation package to $291,486. Johnson resigned Oct. 8 after a state auditor flagged his email for pornography sent to friends via his state laptop. Racist and sexist messages sent during the same period surfaced a few months later.

Yes, that’s right. He was caught with porn and racist emails on his state issued laptop, yet made out like a bandit. Not exactly a deterrent againt violating email policies, is it?

CEO Caught in Email Scandal Nets $300K Settlement

Free ebook download: Top 10 Most Popular Troubleshooting Posts for Email Administrators