Why your business needs an email policy and how to create one

Updated at: Oct 01, 2019
By Gatefy

Email policy is for email protection and security

An email policy is important to your company because it protects your brand, reduces the risk of data breaches, and facilitates company communication by defining how employees must use the company’s email. Before we go further, you need to know that the term email policy is used in two ways.

Email policy as an instruction manual

The first definition of the term email policy refers to an instruction manual. It defines what can and can’t be done while using the company's email. Example: employees mustn’t use the company’s email for illegal activities, such as selling drugs.

Email policy as a set of software rules

The second meaning of the term is more practical. In this case, an email policy is basically a filter created within software, such as an anti-spam product or a Secure Email Gateway (SEG). Example: the company's system must block emails that contain sexual images. In general, these products already have default policies. You simply have to activate them.

How to create a company email policy

We’re now going to talk about email policy as a manual. Let's address the points that should be part of your company email policy. Remember that every case is different, so you should define which points are most relevant to your organization.

Take a look at our short guideline, and don't miss our last tip.

Security and protection. This is a key point for a powerful email policy. Email is the main vector of threats and attacks, so you should invest in educating your employees. Make clear in your email policy what the main threats are, such as phishing and ransomware, and how to identify them. It’s also worth investing in training and in protection software for email security, such as anti-spam and a Secure Email Gateway.

Suspicious content. Encourage employees to report suspicious emails. In addition, it’s recommended that someone be responsible for investigating and analyzing these suspicious messages to avoid fraud and future damage.

Prohibitions. Set prohibitions carefully. For example, employees aren’t allowed to send offensive messages or messages with racist or homophobic content. The company itself can be held liable depending on the severity of the case and the way the situation occurred. It’s also recommended that you don’t allow employees to use the company’s email to sign up for anything not related to work.

Business use. The company’s email exists for business purposes, but sometimes it’s difficult to keep personal messages separate from the company's email. Include a guideline in your email policy stating how employees should handle personal messages within the company's network.

Company’s property. Make it clear to all employees that the company's email network belongs to the company. It means that any email sent or received through the company's system can be viewed and audited. Make sure your employees know that.

Compliance. Depending on your business area, your company may have to meet compliance requirements and ensure sensitive data stays where it belongs. So, in your email policy, define which messages must be kept, where they should be stored, and for how long.

Code of conduct. It's important to create a code of conduct for company emails. Example: all email signatures must include a photo, name and phone number, and the response time to a customer's email can’t be more than one business day.

Awareness. Your company email policy should be available to everyone and updated often. Besides that, employees should be aware of the consequences of violating the rules.

Last tip to build your email policy

The simplest way to start your email policy, after thinking about the points above, is to use search engines, like Google and Bing, to find samples. Type something like “email policy examples and samples”, take a look at the results, and then adjust them so that they comply with your company's general guidelines.