Magazine article Risk Management

The 3 E's of E-Mail and Internet Policies

Magazine article Risk Management

The 3 E's of E-Mail and Internet Policies

Article excerpt

The cornerstone of an effective risk management program comprises the establishment of comprehensive policies, the education of employees on these policies, and enforcement-and reinforcement-based on defined guidelines.

These policies must cover all forms of employee conduct in the workplace, including physical, verbal, printed or electronic interaction. For many of these activities, policies have already been established, with enforcement precedents on record. It is electronic interaction, however, that many businesses have yet to effectively address.

E-problem

Given that the misuse of a company's e-mail system or Internet access by an employee can wreak havoc on an organization, the lack of attention to this matter is unacceptable. Inappropriate e-mail or Internet use not only decreases productivity, it opens your company to costly liability. This is clearly no laughing matter.

Consider the following:

Sixty-eight percent of companies characterized messaging misdemeanors as widespread, with related losses estimated at $3.7 million per company, per year. (Datamation)

About 55 percent of workers exchange potentially offensive messages at least once a month. (PC Week, March 1999)

In a 1999 survey of eight hundred workers, 21 percent to 31 percent admitted to sending confidential information, such as financial or product data, to recipients outside the company via e-mail. (PC Week, March 1999)

In a survey of thirteen thousand email users, approximately 90 percent said they received spam (unsolicited commercial e-mail) at least once a week. (Gartner Group)

Thirty percent to 40 percent of workplace Internet surfing is not business related. (IDC) In fact, 70 percent of Internet porn site traffic occurs during the nine-to-five workday. (SexTracker)

These statistics point to wasted time, decreased productivity and system degradation. And this is in addition to the legal risks. It is important to keep in mind that any business can be held liable for the actions of its employees if a staff member: violates government regulations; sends actionable messages or destructive, harassing, offensive or discriminatory e-mail; or uses e-mail or the Internet to conduct malicious activity.

Organizations dedicate tremendous time and resources to recovery steps: combating the effects of e-mail viruses, making amends for disparaging or inappropriate e-mail content or Internet use, and dealing with extensive litigation due to employee misuse of company e-mail or Internet access. But effective risk management mandates a proactive approach. Understanding the threat posed by the misuse of company e-mail and Internet access is important, but knowing what you are up against is not even close to half the battle. You must act on that knowledge quickly and decisively by creating a clear and concise employee e-mail and Internet access policy, disseminating that to employees and creating enforcement standards for those who do not adhere to the rules.

In short, it is an operational imperative that you practice the three E's of e-mail and Internet policy programs: Establish an official e-mail and Internet usage policy.

Educate employees on company policy and their individual rights and responsibilities under this policy.

Enforce and reinforce this policy using standardized enforcement principles.

If you think the solution sounds too simple when the problem has become so overwhelming, think again. Following certain commonsense guidelines will help ensure your ability to create an effective employee email and Internet access policy, educate employees on their specific responsibilities under the policy and efficiently enforce that policy simply, quickly and judiciously.

Create Consensus

It is not necessary, nor is it advisable, to attempt to please every employee with your new policy. However, it is essential that you recognize the impact this policy will have on the company's information technology, human resources and legal departments, as well as senior management. …

Search by... Author
Show... All Results Primary Sources Peer-reviewed

Oops!

An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.