Essential e-mail policies: Check IT List

To ensure your small business' e-mail system is safe and secure and your employees are producing e-mail that is clean, clear and compliant, The ePolicy Institute recommends you apply these 10 e-policy tips:

1. Apply the three Es of e-risk management.
   1. Establish written e-mail rules and policies.
   2. Educate all employees, from the summer intern to the owner. Written e-mail policy coupled with an effective employee education program may help your organization defend workplace lawsuits and other risks.
   3. Enforce e-mail policy with a combination of discipline and monitoring/filtering software.

2. Address ownership issues and privacy expectations. E-mail belongs to the employer, not the employee. Use your e-mail policy to advise employees that the e-mail system -- including all content, messages and passwords -- is the property of the organization. If you monitor e-mail, tell your employees. Let employees know they have no reasonable expectation of privacy when using the company's e-mail system.

3. Control risk by controlling content. Is it possible your employees are insulting, defaming, harassing or otherwise offending customers, co-workers and vendors via e-mail? Couple content rules with employee education to ensure e-mail messages are as clean and clear as they are safe and secure.

4. Establish and enforce rules of netiquette. Employees have the right to work in an environment free from harassment, discrimination and hostility of any kind. Adherence to online etiquette, or netiquette, guidelines keeps employees' content clean and employers' liabilities in check.

5. Treat e-mail as a business record. E-mail creates a written business record that can come back to haunt you (or help you) in a lawsuit. According to the 2004 Workplace E-Mail and Instant Messaging Survey from American Management Association and The ePolicy Institute, 20% of employers have had e-mail subpoenaed and 13% have battled lawsuits triggered by employee e-mail.

6. Address personal use. Use your policy to let employees know how much, if any, personal e-mail use is allowed. Be specific. Leave no room for individual interpretation. Remember, an employee's interpretation of "appropriate" personal use is likely to be significantly different from your own. Spell out exactly when, for how long, with whom and about what topics employees may communicate.

7. Incorporate an overview of your sexual harassment and discrimination policies within your e-mail policy. Because of e-mail's relaxed, informal nature, some employees will put in writing comments they would never say aloud. Make sure employees understand that regardless of how a message is transmitted, an inappropriate comment is an inappropriate comment. All it takes is one offensive remark to land you on the wrong side of a costly, protracted lawsuit.

8. Address the sending, forwarding and receiving of spam in your e-mail policy. Establish a policy that addresses e-mail spam as a threat. Educate employees about spam and e-mail policy compliance. Implement technology to block spam at the gateway and eliminate the need for desktop management of unsolicited e-mail. Let employees know how you want them to handle unsolicited e-mail that violates policy.

9. Don't forget instant messaging. It's estimated that 25 million employees are using personal IM tools downloaded from the Internet. They put the organization at tremendous risk by communicating via public networks -- without management's knowledge or written rules and policies to reduce liabilities. Manage IM today, or face legal, security and other challenges tomorrow.

10. Insist on employee compliance. Be sure every employee understands each e-mail policy and procedure and is clear on what constitutes appropriate and inappropriate use of the organization's e-mail system. Require each employee to sign and date a copy of every e-mail rule and policy, acknowledging that the employee has read, understands and will comply with the policy -- or accept the consequences, up to and including termination. Create continuing education activities and tools to reinforce training and ensure e-mail rule and policy compliance.

Rate this Tip To rate tips, you must be a member of SearchCIO-Midmarket.com. Register now to start rating these tips. Log in if you are already a member. Digg This!     StumbleUpon     Del.icio.us    RELATED CONTENT Information security management for the midmarket Droid does, but will IT support it? Information security program revamp adds outsourcer oversight and more From data breaches to risk management frameworks: Test your knowledge The challenge of managing risk when IT budgets tighten Why cybersecurity awareness is everyone's responsibility Information technology management e-book downloads for midmarket CIOs 10 must-have steps for an effective SMB information security program Your IT security budget: How to get more bang for the buck Using key risk indicators to sell your information security program IT security spending a bright spot in '09, with more growth predicted IT and business management for the midmarket Three ways Lean processes can improve your BPM effort 7 steps to a workable business process management strategy Seven tips for cutting vendor maintenance on business applications How to cut application maintenance fees without undue risk or hardship CIOs taking risk of cutting vendor maintenance contracts to save money Project management evaluation: Test your PPM knowledge Your IT security budget: How to get more bang for the buck High-end PPM software, not just MS Project, finds place in midmarket Even with a PPM solution, IT project and portfolio challenges remain From software prices to EHR security: The latest advice for CIOs Email and messaging for the midmarket Midmarket data center management guides: Tips and best practices CIO's cost-cutting measures include move to Gmail Midmarket firm harnesses email communication as part of disaster plan Arts center's network infrastructure hits right note with Wi-Fi, FMC When Microsoft shuts you down and other IT horror stories CIOs, unified communications and the lost art of conversation Fixed-mobile convergence saves firms costly mobile phone charges CIOs grapple with tying Wi-Fi, VoIP into unified communications plan Unified communications: Savvy business move or security meltdown? Unified communications security: How safe is it? RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.