Create An Email Policy For Your Employees To Protect Your Business

By August 11, 2016 | March 2nd, 2023 | Blog, Cybersecurity

Does your company currently have a formal email policy? If you don’t, you need one, and sooner rather than later. As the first “killer app” in the world of computing, email is, to this day, one of the most widely used communications tools in business. Unfortunately, it’s also the source of the most breaches and accidental data leaks. In fact, your own employees are, in addition to being your company’s most valuable asset, also the biggest source of data loss. No, it’s not always intentional – accidents can and do often happen, but it is true nonetheless, which is why a solid policy is of the utmost importance.

If you don’t have one, then the first step on your road to creating one is to get some understanding of the rules and regulations governing your business, and by extension, your use of email. The heavy hitters in this area are:

PCI DSS (Payment Card Industry Data Security Standards) – outlines how cardholder data is to be transmitted, and under what circumstances.

GLBA (Gramm-Leach-Bliley Act) – governs policy and technologies to be used to secure the confidentiality of stored or transmitted customer records.

S-OX (Sarbanes-Oxley Act) – requires companies to establish internal controls, and to properly track and report financial information.

HIPAA (Health Insurance Portability and Accountability Act) – governs the storage and transmission of patient health information and personally identifiable patient information.

Once you’ve got a good sense of what rules you’re playing by, you’ll need to assess the information you have to see which particular bits should be deemed confidential, then set strict limits on who has access to that information and create rules governing its transmission. These rules will also govern whether such information must be encrypted during transmission.

After that, you’ll need to put tracking and enforcement mechanisms in place, and most importantly, to educate your users on the importance of abiding by the new policies. Unfortunately, it is this last step which is often skipped, or skimped on, and it is actually the most critical to the success of whatever policy you implement.

Chris Forte

Chris Forte, President and CEO of Olmec Systems, has been in the MSP workspace for the past 25 years. Chris earned his Master’s Degree from West Virginia University, graduating Magna Cum Laude. He is a past member of the Entrepreneurs’ Organization and a current member of the New Jersey Power Partners and the Executive Association of New Jersey, where he has previously served on the board of directors. In his spare time, Chris enjoys traveling with his family. He also admits to being a struggling golfer and an avid watcher of college football and basketball. He currently lives in Boonton Township, NJ with his wife, two daughters, son, and black lab Luna.