If your business uses email as part of its communication strategy, you need to have an email policy. While creating this policy is not a fun or easy job, it is a crucial one. Knowing why you need an email policy can help motivate you to get started, and knowing the types of information to include can make it easier to complete.
Why You Need to Create an Email Policy
There are many reasons why an email policy is a necessity. First and foremost, it gives you a way to present employees with the rules they need to follow when using the company email system. For example, you can let employees know that they should not use it to send and receive personal emails. You can also present the rules about using personal computing devices (e.g., smartphones, desktop computers) to send and receive work emails.
Besides laying down the rules, an email policy provides an excellent way to let employees know that their emails can be read at any time. Even if you do not plan on regularly monitoring and reading their emails, you need to protect your right to do so. If you do not forewarn employees and then later read their emails, they could sue you for violating their privacy, even if they are being investigated for workplace misconduct (e.g., harassment). Although employees tend to lose these lawsuits, you will still have to spend time and money defending your business in court.
Another situation in which an email policy can help with legal matters is when employees are caught using your email system for inappropriate or illegal actions. Having a policy that explicitly states employees must not use the company email system for inappropriate or illegal purposes can minimize your business’s liability for their actions.
What You Should Include in Your Email Policy
Your email policy needs to be unique to your business, but there are some elements commonly found in most email policies. A good place to start is to make sure that your email policy discusses the following:
- Content that is not allowed in emails (e.g., offensive comments, sensitive data in plain text)
- The rules governing when sensitive data can be emailed and how to securely do so
- How often passwords for company email accounts must be changed
- Whether employees are allowed to use the company email system for personal emails
- The ways in which employees should and should not access the email system when they are out of the office (e.g., use the company’s virtual private network, but not public Wi-Fi hotspots or public computers)
- What personal devices (if any) employees can use to receive and send work emails
- How employees must not use the email system for inappropriate or illegal purposes
- The ways in which employees’ emails might be monitored and read (e.g., using email filtering software to check messages, manually reading emails)
- Whether emails are archived and, if so, for how long
- Whether there are mailbox storage limits
- What disciplinary action will occur if an employee breaks an email policy rule
You might also want to cover the best and worst email security practices in your email policy. For instance, you might provide guidelines on how to create strong passwords and a list of risky email behaviors, such as opening attachments in emails from unknown senders.
Do Not Reinvent the Wheel
When creating your email policy, you do not have to reinvent the wheel. There are many sample email policies you can customize to your business. Plus, you can tap into your IT service provider’s expertise when you are creating this important document.
Technology can assist you in enforcing the policy rules you set in place. Talk to us today about how email management, loss prevention, encryption, and archiving can help!