In this article we will define an email policy, set out the potential positives and negatives, and explain how to implement an effective email policy within your business. Implementing an email policy for your employees can be an effective way to ensure good practice.
Our definition of an email policy is:
An email policy is a policy a business will choose to implement in order to ensure that employees use their email in a way that is aligned with the aims of the business. This means the policy will change for different organisations, but there are general terms which are usually standard for most organisations.
An email policy will therefore help ensure that employees are aware of their responsibilities when using email and of what they can and cannot do, and that these terms are agreed and signed. An employee can then be held accountable if there were a violation of these terms.
"Should an email be sent that is not considered appropriate content according to the email policy, the employee, not the organisation, would bear the brunt of liability for any damages or suits brought as a result of their sending an inappropriate email."
Having a good email policy at work can also help cyber-security. Even if employees are familiar with email and you use a well-known email provider like Office 365, having rules around the sending of confidential information means that if an email is compromised, the damage to the business will be less significant.
| Pros | Cons |
| --- | --- |
| Ensures the employee is accountable for their actions via email. | There is the potential for an email policy to seem overbearing or like 'micro-management'. |
| Safeguards the reputation of the company. | Could be seen as time-wasting, or reducing productivity. |
| Protection from data breaches. | Some employees may feel it infringes on their ability to communicate freely. |
| Ensures that there are clear guidelines for employees to follow. | Must ensure commitment to the policy from all employees. |
| In 2015, 43% of phishing campaigns were targeted at small businesses. Using an email policy will begin to help to mitigate that risk. | May be hard to manage who is aware of the policy. |
As stated earlier, all companies and organisations are different and therefore there is no one email policy that applies to all. However, there are a few standard things that should usually be included in any company-wide email policy.
Workable suggests the following should be included in all email policies:
Any form of harassment or bullying over email should be included as a specifically inappropriate use of email in the workplace.
Lawdonut lists the following as inappropriate use of email in the workplace:
There also need to be consequences for an email policy violation. These should be clearly stated to the employee so that they are aware of the punishments, especially if they are as severe as termination.
It is also important to have email policy guidelines so that employees are aware of how they should, as well as how they shouldn't, be using email. Understanding general email etiquette is essential for most employees.
A good email policy could also help to avoid phishing emails by establishing rules around some of the telltale signs of phishing emails. Unfortunately, phishing is something that can't be avoided, and blaming the employee could do more harm than good. But laying out clearly what to avoid could help mitigate the risk to the company.