Newsletters Welcome, Guest Log In | Register
Blogs:

Ralph DeFrangesco

Data Security

Securing your data and network, inside and outside the perimeter

About this Blogger RSS

< Previous | Next >

Subscribe

Sign up now and get the best business technology insights direct to your inbox.

  • Daily Edge
  • CTO Edge Update
  • Business Tools & Templates
  • Aligning IT & Business Goals
  • Maximizing IT Investments

0

Companies Need a Good E-mail Policy

Posted by Ralph DeFrangesco Oct 21, 2009 1:08:47 PM

In my first post this week, I covered what a good Internet policy should look like. In this post, I plan to cover an e-mail policy. This policy has evolved quite a bit throughout the years. I don't want to date myself, but years ago, we didn't worry what we put into e-mail. Today, we have regulations like HIPAA that prevent us from putting personal health care information in e-mail without reasonable protection. In addition, the attacks on our e-mail systems have increased and have become more sophisticated.

 

Let's be realistic, a policy -- any policy -- will not fix these problems. Policies have to be implemented with education, monitoring and technology. In the case of e-mail, filtering would act as a monitor. Most filtering software can scan for certain words, phrases and numbers such as a Social Security number, an account number or a street address. Of course, if you do need to include personal information as part of your business model, then it absolutely needs to be encrypted, no ifs ands or buts.

 

Included within an e-mail policy is usually how a business will deal with retention. Many organizations allow users to archive their own e-mail. However, e-mail can take up a lot of room on a desktop or file share if there are attachments. Typically, companies back up e-mail on the e-mail server. So the question is: How long should it be held? I have heard arguments on both sides. One side says you hold all e-mail for seven years. Your industry might require more or less retention. The argument here is that e-mail can come back to bite you. Look at Microsoft: Old e-mail was used in several cases against the company. It can, however, save you as well. If you said something in e-mail that was in your favor, then it can work for you. On the flip side, people can make an argument for a short retention time. If you don't have the e-mail, then it cannot be used against you, right?

 

I don't want to side-step a recommendation, but I suggest that you decide on a policy that fits your business and legal requirements, nothing more and nothing less. IT Business Edge's Lora Bentley made a great post about learning from Boston's E-Mail Retention Mistakes.

 

If you need help with an archive strategy, the IT Business Edge has a free paper that can help entitled, "Email Archiving: A Business-Critical Application." If you are interested in how to better enforce your e-mail policy, then download, "Not Just Words: Enforce Your Email and Web Acceptable Usage Policies", also from the IT Business Edge. I plan to close my series with a software usage policy.

Related Content

Add a comment Leave a comment on this blog post.

There are no comments on this post

Related Content

Browse

Topic: E-mail and Web Policies

Without e-mail and Web policies, a company risks liability and damage to its reputation

Blog: E-mail Policies Should Be Well-Defined and Well-Communicated

Article: NSF Problem Proves Basic Content Filtering No Longer Enough

White Paper: Not Just Words: Enforce Your Email and Web Acceptable Usage Policies

Related Topics

Business Communications, Litigation, Privacy, Security Policy

Featured White Papers

Browse

Email Archiving: A Business-Critical Application

Read this white paper to learn how hosted email archiving reduces legal risks while improving employee productivity.

Not Just Words: Enforce Your Email and Web Acceptable Usage Policies

This white paper can serve as a business guide on how to develop and enforce Email and Web AUPs. All employers need to understand that unmanaged personal email and web usage has a negative effect on productivity and heightens the organization's risk. Download this guide and learn how to quickly implement an effective AUP in your workplace.

Resource Centers

Browse

Laptop Security

Answers to the ongoing challenges of the mobile office: to work anywhere, securely and efficiently.

Featured Whitepapers

Into the Wild: Managing Laptops Outside the Office

Optimized Infrastructure

Hardware and software tools to create an enterprise infrastructure for data and business optimization.

Featured Whitepapers

Creating a Dynamic Infrastructure Through Virtualization

Tablet PCs

Powerful and portable computing capacity for today's high-speed, fluid business environment.

Data Warehousing for Business Intelligence

Comprehensive storage solutions for better data access and retrieval, leading to better-informed business decisions.

Featured Whitepapers

Maximizing Operational Efficiency with Oracle Business Intelligence (BI) Applications

Premium Tools

Browse

The Complete IT Policy Kit

Download a comprehensive bundle containing over 40 IT policy templates. Each can be modified to align with your specific business requirements. Complete instructions are included.

Learn more >

Social Media Policies Toolkit

Define the rules at your company for the proper use of social media platforms such as Blogs, Twitter, Facebook and Youtube. Ensure your users are spending their time productively and company resources are being used for the business.

Learn more >