Email Protocol and Policies

Protect your outbound email image and manage risks
By Lynn Walford, Freelance Writer Copywriter Owner Freelance Writer Now Email seems harmless but it can cause all kinds of image and legal problems for your business. With a click of the mouse, damaging words and images can be sent to hundreds of people. Recent research indicates that one in four businesses, regardless of size, will have email subpoenaed by lawyers or regulators this year. Compliance issues abound regarding financial, medical, and personal information as well as intellectual property. Non-business related use of the company email servers can tie up precious resources. Therefore, every business should take measures to create and enforce email policies.
 
Email policies, hardware and software solutions can:

1. Prevent legal problems.
2. Maintain privacy and confidentiality.
3. Control inappropriate outbound content, images and files.
4. Ensure that your company image remains professional.

Create an email policy

Employees need to be informed of your company’s email policies, regarding sending or forwarding emails containing libelous, defamatory, offensive, racist or obscene remarks, false statements, confidential information, personal use, pornography, disclaimers and time frame of replies.
Try: Adapt the sample email policies at Email-policy.com, or purchase Fair Measures Internet and E-mail Policy and Procedures.  Incorporate in your policy suggestions for business email etiquette developed by Judith Kallos at NetManners.com.  Compose a disclaimer by customizing the samples at EmailDisclaimers.com and put it in your email message signature. You can also install Policy Patrol Disclaimers on your email server that will automatically add disclaimers to email messages.

Filter outgoing email with software

The more employees who have email the more difficult it becomes to ensure that the content they send is acceptable. The level of control you need will be determined by the type of business you operate; medical and financial businesses should be aware of the laws that affect the management and storage of information. Currently, most of the products available are for businesses that manage their own email servers using Microsoft Exchange.
Try: Install software, such as SurfControl E-mail Filter, MailMarshal, Proofpoint Messaging Security Gateway, MIMEsweeper, or ScanMail eManager, on your servers. For more compliance information, download SurfControl’s Best Practices for Meeting the Compliance Challenge.

Install appliances and gateways to control outbound email

Appliances and gateways prevent the wrong kind of outgoing email and help companies stay in compliance. Important features to look for are content management, searching, encryption and policy implementation.
Try: Install enterprise gateway appliances by IronMail MailGate, or SurfControl RiskFilter. For help determining specifications, use the ClearSwift Email Solution Selector.

Review email for errors before sending

Many an email has been sent with misspellings, poor grammar, strange abbreviations and harsh statements without editing. Your email policy should require employees to check all outgoing email for spelling and grammar via a grammar and spell checker. Outlook Express will only check for spelling errors if MS Office is installed. Often it may be easier to compose email messages in a word-processing software first and then copy it into email software.
Try: If you don’t have email spell-checking capabilities, install spell-checker software such as Spell Check Anywhere and encourage employees to use it when sending emails. If you use Web-based email, install the Google Toolbar, which will spell-check Web data entry.

Send credit card information only via secure methods or gateways

If your company accepts credit cards, you are required to use secure methods for credit card transactions and if there is a breach you may be fined or receive a chargeback. Email is not secure unless it is encrypted because it can be hacked.
Try: Check your network for vulnerabilities and credit card security compliance with a free PCI (payment card industry) test from ComplyGuard Networks, Inc. or a free tool from Qualys. Cybertrust and SecurityMetrics, Inc. are also providers of PCI compliance services.

• Chevron paid $2.2-million to four female employees to settle a lawsuit in which they claimed they were sexually harassed with email jokes. Prevent this kind of email problem with clear policies, software and hardware.
• Don’t rely solely on email to communicate your policies, require each employee to read, sign, and date a hard copy of each policy.
• Congressman Mark Foley of Florida abruptly resigned as the result of emails and instant messages he sent to a former teenage male page. Don’t ever send emails that can come back to haunt you.
• Remember it is not just text that requires policies filtering but images also. An edited photograph of an employee in a compromising situation can do just as much damage as a negative comment.
• Never hit the send button when angry, tired or not sure of a proper response, save it as a draft and come back to it later.