Insights & Resources

What would we do without email? It seems as though now, more than ever, we rely on email for everything – from doing our jobs to managing our social and family lives. It’s both a blessing and curse, though, as many of us might say we face email overload on a daily basis. Tackling that inbox is a never-ending challenge!

Certainly, the Internet and electronic communication in general have revolutionized the way we conduct business. Although these tools make us more efficient, productive, and better informed, they also create problems that can distract from and undermine a company’s mission. That’s why it’s important to have company email policies that enable employees to use these powerful tools in an appropriate way.

Why Do You Need an Effective Company Email Policy?

Simply put, an effective email policy will encourage positive, productive communications while protecting a company from legal liability, reputation damage, and security breaches.

Like most company policies, rules and expectations should be tailored to fit the needs of the business and industry in which it operates. The following guidelines comprise potential components of a company email policy, but you will have to determine what is most important and relevant to your organization.

1) Emails Are For Business Use

Though it may seem obvious, your policy should be clear that the use of a business email address is for business only. You may draw a distinct line that any personal use of business email is strictly prohibited, or your policy could include guidelines on how to handle personal email because there are times when a personal matter might be discussed on a business email account. These guidelines could include stipulations, such as limiting the amount of time your employees can send personal messages and prohibiting the use of business email to sign up for accounts not related to work.

2) Emails Are Company Property

Along the lines of “business email is for business use,” your policy should make it clear to your employees that all company email is the company’s property. That is, any email that is sent, received, created, or stored on a company’s computer system may be viewed and even admissible in a legal case. As an employer, you have the right to monitor your employees’ use of email, but it is legally important to ensure they are aware of potential monitoring.

3) Company Network and Security

One of the most important things your email policy should address is security because emails provide a perfect opportunity for security breaches. Phishing and, more specifically, spear phishing emails have increased and are common cyberattacks on small businesses. Phishing refers to emails that appear to come from a legitimate source but are scams designed to steal private, sensitive information.

Did you know that…

• In 2015, 43% of phishing campaigns were targeted at small businesses (Symantec).
• An estimated 91% of cyberattacks start with phishing (PhishMe).

You can see why it is so critical to ensure your employees are aware of security threats through training and by enforcing smart email protocols as part of your policy. Some simple rules may include:

• Be suspicious of unknown links or requests sent through email or text messages.
• Don’t open email attachments from unknown sources, and only open attachments from known sources after confirming the sender.
• Never click on links in emails.
• Don’t respond to requests for personal or sensitive information via email, even if the request appears to be from a trusted source.
• Verify the authenticity of requests from companies or individuals by contacting them directly.
• Encrypt any proprietary or sensitive information sent via email.

4) What is NOT Allowed

It’s always worthwhile to be explicit about the types of communications that are prohibited by company policy, primarily in the interest of heading off bad or illegal behavior and protecting the company from liability. For example, you may want to specify that emails sent through your company’s system:

• May not be used to harass or make threats, nor be offensive or disruptive in nature.
• May not include language or images related to race, gender, age, sexual orientation, pornography, religious or political beliefs, national origin, or disability.

5) Receipt of Inappropriate Email

Always encourage your employees to report the receipt of any inappropriate email with prohibited content to a supervisor or manager. In fact, your company should put a protocol in place to investigate and address any reports of inappropriate email in a timely manner.

6) Retaining Emails

Your email policy should explain what emails should be retained, where and for how long. Keep in mind that different industries and businesses may be subject to different regulatory standards.

7) Etiquette

Email etiquette, which entails preferred protocols in communication, is not always included as part of a formal policy, but businesses may wish to provide guidance to employees related to:

• Signature line – You might want to specify the information your employees should include in their signature line.
• Reply all – Limit replies to those who need to know the information being conveyed to respect others’ time and inbox capacity.
• Forwarding – In general, don’t forward emails without permission, or at least to review the content that will be forwarded to avoid sending sensitive information.
• Responding – Employees should respond to emails, both internally and externally, within a reasonable (or specified) timeframe.

8) Quality of Work and Life

Technology has dramatically improved how we do business but that same technology can be consuming. Depending on industry demands and a company’s culture, it may make sense to set some parameters around email use to limit the intrusion technology can pose, both on personal lives and productivity. Some policies companies may consider are limiting use of email after hours or during vacations, limiting use of internal email (to encourage colleagues to talk to each other), and limiting use of email during certain work hours.

9) Consequences of Noncompliance

Policies aren’t very effective if they can’t be enforced, so there should be a way to ensure compliance with them. Employees should know the consequences of breaching the email policy, including any disciplinary action that could result in termination.

10) Awareness of the Policy

To ensure that employees are aware of the company email policy, it needs to be readily available to them either in the employee handbook, posted on the company intranet, or stored in a public folder. To further increase their awareness, it’s always helpful to hold training and discussions about the policy, requiring employees to sign an acknowledgment that they have read and understood the rules and expectations.

Final Thoughts

As you consider which guidelines you need (or want) to incorporate into your company’s policy, consult with key stakeholders within your organization, such as the HR department, IT department, PR experts, legal counsel, and others that should be involved. Make sure your email policy is succinct, easy to understand, and consistent with other similar company policies.

Email is undoubtedly an indispensable business tool to facilitate communication and workplace efficiency. However, misuse can result in legal trouble, recurring harm, and security breaches. Crafting a thoughtful email policy that’s tailored to your business can maximize email as a useful tool and avoid the undesirable consequences of poor judgment by employees. By setting clear guidelines about email practice – from what is appropriate to what is unacceptable or ill-advised – your business can gain peace of mind and become a more productive workplace.

Want to know more? Download our full whitepaper! Have questions? Contact us today.