Clear guidelines for employee use of email is essential in today’s digital age. Email policy isn't just about how employees use their company email address from their main workstation. It involves how they use company email on any device (including their phone), and also what expectations the company has about any use of personal email from company devices.
There are nearly one billion google search results for “email policy for employees” -- so we know that teams all around the world are working to understand this important topic. One big reason why we think so many businesspeople are search for guidance is that it's incredibly difficult to craft an email policy from scratch. Every business that doesn't yet have an email policy should strongly consider building and implementing a policy that starts from a battle-tested policy template. In this post, want to give you a clear way to determine whether the template you are starting from covers the most crucial points. Havoc Shield customers already have policy templates available to them in-platform, but if you aren't yet a customer, here's what you should look for to gauge the quality of your email policy template.
Whether you’re working from a template or starting from scratch, there are key areas you should cover:
So much of our daily lives and interactions happen over the internet, and email is a key means of communication. It’s easy to get lost in the fast-paced nature of an email exchange without thinking about the consequences or how an interaction may make yourself, your company or your entire network vulnerable to a security breach.
Employees should receive and agree to the policy before they receive the login to their company email. Company leaders and stakeholders should revisit the email policy at least once per quarter to evaluate the policy for any outdated policy information or new vulnerabilities. TikTok is a great example; Employees may think signing up for TikTok with a company email is okay if they are using it for competitive research, yet your company/stakeholders may not want your company on the app at all, given the media and government attention around it.
Don’t let your email policy become something that’s distributed once and never again communicated. Hold employees responsible for understanding the ongoing commitment of your policy with frequent reminders, trainings as necessary, office hours/Q&As with IT, etc.
Start by considering the different perspectives of the company and make sure they are able to voice their recommendations. This may include the CEO, founders, human resources, IT and the board of directors. Depending on the type of business you have, it may also involve some particular functions who use email in different ways (i.e., marketing team who may be signing up for demos or apps, sales team who may be using email as key points of communication with potential customers or clients, etc.)
Review your policies through the lens of security vulnerability, but also taking into account productivity. Be clear enough that nothing is left up to interpretation, but don’t be so strict that it takes away from employees’ ability to do their job.