This blog is now hosted at consciou.us

Thursday, August 16, 2007

Three (more) things you can do today to get email under control

My friend Robert posted an article entitled three things you can do today to get your email under control. I'd like to propose my own list of three items after the jump.


  1. Implement an Acceptable Use Policy (AUP)and educate your users.
    This is the starting place for all email governance efforts. You must offer your users guidance on what constitutes acceptable uses of the email system. Have you actually educated your users about policies regarding non-business email?

    It surprises me how many organizations either do not have an AUP (or one that is hopelessly out-of-date), or do not properly educate their users on it. If, God forbid, an employee termination is necessary, proof that the user was educated on the policy is more than just nice to have. Every webmail service has an AUP that must be acknowledged before an account can be set up, why shouldn't all organizations implement this?

  2. Block proprietary content from leaving your organization.
    This can be as simple as searching the email and attachments for terms like "proprietary and confidential" or "internal use only", or as complex as fingerprinting specific documents, and flagging emails containing subsections of the documents.

    Whatever you do, you need to look at the types of files that constitute your intellectual property. Some suggested starting places:

    1. Office Documents (including Adobe PDF)

    2. Source Code (VB, Java, C, C++, Perl, COBOL...)

    3. The files that support your business, e.g.: AutoCAD, Matlab, specific reports, etc.

  3. Perform an audit of your traffic to see what is really going on.
    Okay, so admittedly I copied this from Robert's article. But it bears repeating, since the vast majority of organizations do not know what exactly is moving through their email network.

    If you are concerned about privacy, have the report anonymized. This is something that MessageGate does regularly. It provides a great value, and I can assure you that there will be unique and interesting information in the audit. It will help you understand the metrics of your network, and will, I dare say, offer insight into the character of the organization as a whole.

    Just like a financial audit, it is most helpful to do the email audit on a regular basis, allowing you to track to particular goals.

Implement these, and you'll have a much greater understanding of your email, a lower risk of information leakage, and better control over your email network.

No comments: