Keep Hillary Clinton in Mind When Enforcing Email Security Policies
Losing money isn't illegal as long as it's yours, but it usually means you will soon lose your business, too. Now, think about what should be in your email policy. For your business, the best solution is also the most secure solution. You should operate your own email system and you should set it up from day one so that it's secure. This means, among other things, making it possible for your employees, including your contract employees, to use it both in the office and remotely. By requiring all your employees to use a corporate email system, you have control over things like encryption. You can erase company email from lost, stolen or departed phones and other mobile devices. It also enables you to enforce sound security practices such as having strong passwords and even two-factor authentication. It's possible to have reasonably secure email in a variety of ways. Of course, you can operate your own servers, but you don't need to. Hosted company email with servers in the cloud are widely available and with that you get the help of experienced administrators. It may not be a free service as it might be if you let employees use personal email, but then again, losing your data and eventually your job isn't free either.Some decisions may be a little counter intuitive. Why, for example, should your company support independent contractors by providing company email? Yes, it does cost money, but it also helps ensure that those contractors are less likely to leak important information. In addition, you can provide this email while still not allowing the contractor to seem as if they're an employee of the company by appending their name with the word "Contractor" when it shows up in someone's inbox. And part of this means you may have to lose a little of your hard-earned popularity when you change the settings on your company firewall so that employees can't reach their personal email services from inside the company. But don't worry—you'll be even more unpopular when employees realize you're checking incoming email to spot company messages from non-company sources. Your firewall probably can't do that, but other employees can if you offer them an incentive to report violations of the company's email policy. Nothing you can do is a substitute for the willing participation of your employees in making your email system secure, but your policies and the way you enforce them can provide encouragement and act as a reminder. Best of all, nobody will accuse you of displaying Hillary's disregard for established policies.
You also need to get the support of the managers and the directors of your company. This means getting your chief executive to understand the risks involved with personal email, and getting the C-level support necessary to enforce whatever you decide are your company's best practices. This may also mean support for the consequences that happen when you find your CFO doing his work using his AOL account.