We all know that email is an indispensable tool for business communication, but it's not without risk. If misused, email has the potential to damage key business interests in multiple ways. But, much like policies used for data security, email "policy" offers a way to minimize these varied risks and protect related interests. Read on to learn how it works.
Email is a fast, easy and readily accessible means of business communication. It has changed the way we communicate. These are the obvious rewards - but they are also the basis of every risk. Whenever email content is ill-advised, inappropriate, or even gets into the wrong hands, negative consequences can follow, including legal liability, regulatory penalties, confidentiality breaches, damage to corporate reputation, public embarrassment, internal conflicts, and all the related losses in productivity and performance that these circumstances can cause. Further, data loss and damage to technology assets can result from the transmission of malicious code, spam and computer viruses.
Perform the "What-if" Analysis: What are the risks to my organization of email abuse and/or misuse, and what are the likely consequences if these risks are not properly addressed? The next step is to weigh the costs and complications of all mitigating actions, and to then strike an appropriate balance between risk and probability.
To eliminate email usage is impractical and even unthinkable - so the goal has to be to minimize the risks through the best means possible - and that is through the use of physical security precautions and practical, relevant and enforceable email policy. To realize all of the intended goals and objectives, related policies (which will integrate closely with data security and internet usage policies) must encompass four (4) key governance needs:
As a whole, usage, oversight, etiquette and management parameters must be combined to formulate "policy" that is aligned with business and technical needs, realistic considering actual communication needs, and enforceable considering corporate culture and related technical abilities.
To ensure that all usage, oversight, etiquette and management needs can be met, adopted email policies must be designed according to anticipated email usage, corporate culture, characteristics, business requirements, legal requirements, technical requirements and internal capabilities for enforcement. The list below provides a head start for policy planning, listing the key questions to be considered and addressed as part of the policy development process:
Many of the goals and objectives of email policies can be achieved through the use of physical controls on email access, particularly limitations on inbound junk mail and spam. On the other side, email etiquette is far more difficult to implement and enforce, but it is no less valuable towards achieving the ultimate policy goal - to maximize the value of email communication and minimize the risk. While etiquette guidelines can become quite extensive, at a minimum, every effective email policy should incorporate the following parameters:
Tips to Remember: Every email policy should be implemented and enforced consistently (avoiding selective enforcement), with specified steps to monitor compliance. It's also important to remember that if compliance should prove lacking, policy terms should be reviewed to ensure that the fault does not lie in the policy itself. Realistic policies that are suitably relevant to business needs and properly communicated should garner significant compliance. In the end, policy promotion and end-user training will be essential to realize required benefits.