Security Basics mailing list archives
RE: e-mail policies
From: "Michael Whang" <michael.whang () computer org>
Date: Tue, 25 Feb 2003 13:19:39 -0700
One of the most important aspects, at least legally, is to write an acceptable use policy for corporate email and resources. Just because the resources belong to a company, one cannot automatically assume that everything an employee does is privy to the company managers and administrators. There's still some semblance of privacy rights in many countries. You, as the IT administrator or manager, need to clearly write down what an employee can and cannot do. Also, another important aspect is to declare what penalties exist if an infraction occurs. As an example: "We, as the company, own the resources and expect each and every employee to follow company policies and procedures regarding acceptable use of said resources...and we will from time to time audit usage of company resources to include email correspondence." Most importantly, when writing an acceptable use policy, consult with your corporate attorney to hammer out the legalese. -----Original Message----- From: chris [mailto:chris () byteme no] Sent: February 25, 2003 02:16 To: security-basics () securityfocus com Subject: RE: e-mail policies
Dear gurus We are defining policies for the use of corporate e-mail, I have
doubts
about privacy of messages sent by employees. Since the e-mail system
is
intended for business use, we need to prevent sensitive information disclosure. If we respect the privacy , how can discover infidelity employee? What is your opinion or the standard in this cases? What is the companies approach? Thanks a lot. -- Pablo A. C. Gietz Jefe de Seguridad Informática Nuevo Banco de Entre Ríos S.A. Te.: 0343 - 4201351
Hi Although I'm not a guru, I'll give you my opinion (probably not the standard ;). Define strict policies. Make it clear that the corporate e-mail is not for personal use. Why? Because studies on the use of corporate e-mail show that the productivity, in many cases, is decreased. Sending personal e-mail to colleagues or people outside the corporation generates expectations on reply, and results in the habit of checking for new mail very often, and therefore interrupts work. There you go - no need for privacy anymore. Now you can install e-mail filters, e.g. based on words that's not acceptable in corporate messages, and bust infidel employees. - chris
Current thread:
- e-mail policies pablo gietz (Feb 24)
- Re: e-mail policies theog (Feb 25)
- RE: e-mail policies Tim Heagarty (Feb 25)
- RE: e-mail policies chris (Feb 25)
- RE: e-mail policies Michael Whang (Feb 26)
- RE: e-mail policies Bram Van Dam (Feb 26)
- Re: e-mail policies Ivan Hernandez (Feb 25)
- <Possible follow-ups>
- RE: e-mail policies Jones, Andrew (Feb 25)
- RE: e-mail policies Fields, James (Feb 25)
- RE: e-mail policies Moeckel, Sharon (Feb 25)
- RE: e-mail policies Tim Heagarty (Feb 26)
- RE: e-mail policies Mark Burgess (Feb 26)
- RE: e-mail policies Tim Heagarty (Feb 27)
- RE: e-mail policies Tim Heagarty (Feb 26)
- Re: e-mail policies mweatherford (Feb 26)
- RE: e-mail policies Mark Reardon (Feb 26)