Email compliance is always a hot issue. Yet even while there are laws and regulations governing how certain industries send, receive, store and secure email messages, 73.7% of people who responded to a survey admitted that they had violated email compliance policies at their workplace.

It is important to note as well that this number represents those who knowingly violate company email policies. The same survey showed that 42.7% of those asked claim that their company either doesn’t have email compliance policies, or they were unsure if such a policy was in place.

So what are some of the most common violations of these policies? Take a look:

1. Sending confidential information

When it comes to industries like education, healthcare and finance, sending personal and confidential information via email can violate not only company and organizational policies, but also federal regulations.

Still 45.7% of respondents claim to have accidentally sent information via email that violated regulatory compliance and 28% admitted to having done so intentionally.

This also leads to another serious problem, printing confidential emails. While most of the time these emails are printed and immediately filed away, there have been stories of confidential emails left on the printers at trade shows, hotels and airport lounges. Worse still, the information contained in the email almost always remains electronically stored on the printer itself as well.

2. Sending work-related emails from personal accounts

According to a report from a security vendor 71% of people surveyed have been educated on the risks associated with sending work-related email from their personal accounts. 47% of them don’t agree with these policies however, and deem it acceptable to use their personal accounts for work. In fact the same survey showed this to be a major concern among younger employees with 85% of workers under the age of 25 regularly sending work related emails from their personal accounts.

3. Sending inappropriate emails

Nothing can be more damaging to the reputation of a company, or individual employee, than an inappropriate email.

This is a hard statistic to measure because most often, people think of inappropriate emails as those that make the headlines due to racist remarks or sexual references. But these types of emails are only the tip of the iceberg.

Inappropriate emails include sending emails when angry, sending emails with poor grammar and spelling, jokes, slide show presentations, pictures of the grandkids and just about anything else that people find offensive or bosses find to be not related to work.

Most people think that the later list is mostly harmless but when you add up the hours lost in productivity and the customers you lose because you consistently spell the as teh, you can see where it can become a problem.

4. Inappropriate use of the email signature

If a company has a well written email compliance policy in place then it will most certainly contain some guidance as to how employees should write their email signature. Most people will ignore this.

Frequently, companies restrict signatures to the person’s name, contact information and a link to the company’s web site. Sometimes they will specifically address the use of quotations or sayings in the signature line – but this is often ignored.

Email signatures that violate compliance policies can also be spotted by the font and color used as well. Generally, it is not consider professional looking to use multi-colored text or fancy fonts for the email signature.

5. Using work email for personal communications

Policy flaunters aren’t only using personal emails for work, but vice versa as well. One common misstep when it comes to email compliance is to fire off a quick email to a friend or spouse from your work account. Many people still don’t realize that the contents of their emails are subject to review by their employer. Even those who are aware of this continue to send personal emails from work or use their work email address to register for web sites or mailing lists online.

To reduce the number of people who violate email policies in the workplace, email administrators need to clearly define their expectations to all employees and take the time to enforce these policies. When people understand the rules and see that they are frequently, but fairly, enforced they will be far less likely to try to circumvent them.

5 Most Common Violations of Email Compliance

Free ebook download: Top 10 Most Popular Troubleshooting Posts for Email Administrators

At one time or another, most email administrators are tasked with the responsibility of writing up policies that govern the use of email in an organization. These policies are necessary to:

• Protect against email based threats and vulnerabilities
• Reduce the organization’s liability if email is used inappropriately by employees
• Prevent misconduct when it comes to email use
• Educate employees on email etiquette
• Inform employees of email monitoring policies.

However, many email administrators find it tough to sell their coworkers, and even management, on certain aspects of the policies created. Instances of a company’s employees, brushing off email policies as insignificant, or simply ignoring them altogether, are far too common in today’s workplace.

Despite the importance of email policies, most people simply see them as either a barrier to getting work done or as a way that management can monitor and control their activity.

As email administrators, we can certainly do a better job when it comes to getting buy-in from our coworkers. To help with this, we have compiled a list of tips that can help you present new email policies, or changes in existing policies, with as little friction as possible.

1. Understand why you are creating these policies

The first step begins with the people tasked with creating these policies. As email (or IT) administrators, we have to realize that our number one job is to help our coworkers do their jobs more effectively. Too often, IT policies are influenced by things that make life easier for the IT staff and often at the expense of other departments. This immediately creates friction and a type of civil disobedience often follows.

If other employees see that any policies in place are not just to make life easy on IT, but exist to help the company as a whole, there is often less justification for not following them.

2. Explain the risks

Users often need to understand the reasons why they have to do something in order for them to comply. But taking a “because you are supposed to” attitude isn’t explanation enough. Provide them real life scenarios that show what can happen if they don’t follow the policies that are put in place. Oddly enough, people often find these examples intriguing and captivating. Compliance usually increases after they are presented with stories like these, but after a while the fear factor wears off. Keep users in touch with the various risks giving them a reminder every so often through company newsletters or blogs.

3. Review policies with other departments

One of the biggest threats to compliance is when upper management doesn’t buy in to your policies. This often happens when they feel that the email policies put in place restrict their team from being productive.

4. Provide data

If you are serious about email policies then there should be some way to track data. Provide users with data from your organization to help show a need for policies. For instance, if you have a policy in place regarding not responding to junk mail then show your coworkers how this helps reduce spam in your workplace. If you block executable files from being attached to email messages, provide evidence that this measure helps prevent malware outbreaks.

5. Realize that not every policy has to do with security

More often than not, email policies are looked at from a security/productivity standpoint. They help keep emails and information secure and confidential, and they help keep workers on task.

However email policies can also help protect and promote your organization’s brand.

By regulating how users write emails and how they craft their signature lines can really improve how current and potential clients see your company.

Even though other forms of communication are becoming more popular, businesses will continue to rely on email as the primary means of communication for years to come. Those who work to make sure email communications run smoothly will always find that compliance with policies that govern email use is often neglected. However when the right approach is used, the headaches that often accompany email related problems will most certainly decrease giving you more time to deal with projects you probably find a bit more interesting and much more worthwhile.

5 Ways To Increase Email Policy Compliance

Free ebook download: Top 10 Most Popular Troubleshooting Posts for Email Administrators

P2P file sharing networks aren’t seen very often on corporate PCs. At this point, most managers have implemented policy to prohibit their use, and admins have implemented technological measures to make sure employees aren’t putting them on their PCs. And that’s all well and good, but it’s not enough.

Do you leave your work at the office at the end of the day? Didn’t think so. Most companies have at least several people, if not the majority of employees, taking work home; and many have staff members telecommuting from home on a regular basis. This too, is a wonderful trend. I personally haven’t seen the inside of a cubicle in 18 years, and this trend is only going to increase. The office is fast becoming obsolete and unnecessary.

But those security measures, and the trend of working at home, work at cross purposes. Security measures in the office usually stop at the network, protecting access to files and applications and ensuring that PCs within the physical boundaries of the workplace are protected against attack. But today, physical boundaries are irrelevant.

We saw this last week when an ethics report from the US House of Representatives was accidentally leaked onto a public P2P file sharing network. The document was an internal file that listed several members of Congress who were being investigated for ethics violations.

There is an argument, which has some legitimacy, which says that ethics investigations should indeed be made public. Citizens have the right to know whether their elected representatives are crooks. But that argument is misplaced. The policy of the Ethics Committee is not to disclose those investigations unless there is a formal investigation, and at that point it would be made public. But that again is besides the point.

The point is, the House of Representatives used lax security rules, and needs to tighten them up. Whether the information should have been public or not doesn’t matter; the fact is that they screwed up from a security perspective by allowing something to be made public that they had not intended to be made public.

The Ethics Committee was quick to release a “not our fault” statement, saying that the leak wasn’t caused by their own information systems. But this is only a half-truth. The leak was in fact caused when a junior staffer took the file home and stored it on a home computer where P2P software was installed, and as such, the Committee argues that it wasn’t their systems—but in fact, it was their own lack of policy and oversight that caused it. Security policy once again must go beyond the borders of the enterprise and into every computer that touches the network. If a worker telecommutes, then the computer used for telecommuting—especially if sensitive documents are being worked on—must also comply with corporate policy. And that means no P2P file sharing applications on it.

P2P networks at the root of accidental disclosures, once again

Free ebook download: Top 10 Most Popular Troubleshooting Posts for Email Administrators