When it comes to essential security requirements for businesses, the electronic communications policy is decidedly unsexy. A painstakingly detailed document is rarely read in full outside of the employee onboarding process, and often languishes, unchecked, in the abyss of corporate paperwork.
That said, an electronic communications policy serves as the foundation for basic internet safety guidelines, business instant messaging practices, email standards, and general corporate policy for today’s digital workplace. Without a solid policy in place, businesses open themselves up to a bevy of security issues, potential employee mishaps, and sometimes serious legal challenges.
What does a good policy look like?
In general, an electronic communications policy needs to be comprehensive — meaning it covers all forms of electronic communication — and well-defined.
“It’s important to identify scope and purpose to help employees understand what you mean by electronic communications, and why this policy exists,” said Heidi Shey, a senior analyst with research firm Forrester. “Does this only apply to email? What about VoIP calls, or texting, chat and messaging apps? Without a well-thought policy, everyone makes their own assumptions about what is acceptable use, and people may not know what they don’t know about risks to the enterprise with using different forms of electronic communications.”
Shey said it’s also important to avoid making assumptions about the reader and to use clear, concise language that employees understand. A policy document should also provide a date for when it was last updated and a contact person for employees to go to if they have questions or concerns.
The most comprehensive, well-defined communications policies are usually written by a team of experts within an organization, spanning the departments of human resources, legal, audit and compliance, and information technology.
“That’s because the document isn’t about any one of these things individually,” said Sean Pike, program VP for IDC’s security products group. “It’s about reducing risk throughout the business.”
As far as terminology goes, the common bullet points in an electronic communications policy include:
- Guidelines on the appropriate use of email and other communication platforms
- Retention policies
- Proper internet usage
The policy should also contain clear language about prohibited uses of email, messaging platforms, internet and other electronic communications, as well as consequences and disciplinary actions for policy violations.
The security rationale
When it comes to email usage, the communications policy should set standards for appropriate content to send under the company banner, as well as rules for acceptable use and behavior, like avoiding personal messages and maintaining professionalism.
Precise guidelines are also needed to ensure that certain types of information remain within the confines of the business and only reach the eyes of intended recipients.
“The drivers are are often risk or regulation,” said Pike. “Accidentally leaking corporate crown-jewel intellectual property via email could be devastating, and accidentally emailing unencrypted personally identifiable information of customers could also create challenges.”
Proper email usage is also key to preventing phishing scenarios. Corporate employees should be well-trained to avoid email that looks suspicious, and up-to-date anti-phishing training should be part of the email regimen in an effort to reduce security risks.
Policies surrounding email retention are needed to help companies ensure that they meet various data protection or retention requirements for relevant regulations, explained Shey. In healthcare, for instance, the Health Insurance Portability and Accountability Act (HIPAA) requires health care businesses to encrypt health data in transit and storage.
For financial services, the Financial Industry Regulatory Authority (FINRA) has issued guidance for social media and digital communications that requires archiving text messages for records retention purposes.
“This is so employees who are communicating with each other or clients using text messaging or a chat app for business purposes don’t put the company at risk of non-compliance and possible data leakage,” Shey said.
Both usage and leakage are important for internet guidelines as well. For the most part, companies want to make sure that users only go to approved web resources to reduce the risk of viruses or downloading unapproved software. Some companies even have policies that dictate behavior on an employee’s personal social media accounts to reduce brand risk.
The exact details of a communications policy will vary depending on an organization’s precise needs, but Pike noted that modern policies have trended toward being longer and more specific to ensure that every calculable risk is managed.
“There are plenty of ways to be destructive with communication, whether that’s leaking information — accidentally or purposefully — or creating hostility toward a coworker,” said Pike. “At the end of the day, these policies are in place to establish the way companies believe employees should act, or must act, given corporate culture or legal and regulatory obligations.”
If you need a place to start in creating or updating your company’s policies, these templates from our sister site Tech Pro Research (a paid resource) can help:
- Electronic communication policy
- Internet and email usage policy
- Electronic Retention Policy
- Social media policy
- Information security policy
- Brazilian government to create national information security policy
- Leaked: Facebook security boss says its corporate network is run “like a college campus”
- Australians will trade privacy for security if you frame it right
- How the White House’s new policy for reporting security flaws will affect businesses (TechRepublic)
- Protect your data assets when disposing of old storage media (TechRepublic)
- Geek Squad’s FBI informant case illustrates need for good IT policies (TechRepublic)
- All apps, including WhatsApp, must maintain 'sanctity' of personal communication: Prasad
- Govt to discuss proposed India e-commerce policy on Thursday
- What's Section 230? The social media law that's clogging up the stimulus talks
- 6 I-Day promises from 2014 that Modi (partially) fulfilled
- New economic priorities for a new year
- America's future in space ensures fairness for all in an unjust world
- VIETNAM BUSINESS NEWS JANUARY 11
- Why your privacy could be threatened by a bill to protect children
- VIETNAM BUSINESS NEWS JANUARY 12
- Why all of Trump's tweets and other social media posts must be archived for future historians
- Big ISPs pause donations to 147 Republicans who tried to reverse Biden’s win
- VIETNAM BUSINESS NEWS JANUARY 13
- “Make in Việt Nam” key to Việt Nam’s target of high income by 2045: researcher
- After two decades and almost $100 million, Colorado launches a new online unemployment benefits system
- Emirates spreads wings in hardest times
- VIETNAM BUSINESS NEWS JANUARY 14
- VIETNAM NEWS JANUARY 14
- Digital transformation offers better transportation services
- 5 alternatives to using WhatsApp in 2021
Electronic communication: What needs to be in a good policy have 1080 words, post on www.zdnet.com at April 3, 2018. This is cached page on Talk Vietnam. If you want remove this page, please contact us.