Our employees have always been able to forward their work email to personal Gmail accounts and mobile devices, but as our company grows we are becoming more concerned with this practice. What are the ris
Answers
No disrespect intended, but your policy is a very large mistake. Work and personal should never be combined. There is always a line. If you receive a customer complaint or claim that the customer never received what was promised to them, good luck tracing your records to try and understand the series of events. Additionally, how can you distinguish company ownership vs personal ownership with respect to processes and clients? I would immediately establish a policy that as of 1.1.2013, personal and business will no longer be combined...and enforce it.
Depending on what information your company handles on a day-to-day basis, the policy approach your company should put in place will vary. In the event your company handles material non-public information, information that can be considered proprietary, and other information that would be considered "client or company sensitive", you should instill a policy ASAP. Unfortunately, policy making and communication is only half the battle. You also need to put a control in place and test the control so that you can ensure it works. There are software and vendors that offer this type of security monitoring for outgoing emails and the content therein.
In order to understand the associated
For example, social security, employee addresses, credit cards, engineering specifications, client lists, contract specifications; probably a big "no-no" to fall in the public domain.
Once you have inventoried and classified your information assets, then, as previously stated, you need to control the information flow; hence you need to make certain there is only one route to go to the internet, meaning no direct access, dial-ups or rogue wireless access points. Then you are in the Data Loss Prevention (DLP) selection exercise.
I agree with Regis. Stop this practice. You will have multiple issues including maintaining professionalism in reaching out to customers and also keeping email history.
If mail is being sent to a personal account ... I would go further with the problem of asking why is an email being sent in the first place? Is the problem from an employee wanting to get a job done and feeling that they need to send it home to work on it? Or is it to be malicious? Obviously you don't want business mail sent out to personal accounts and a policy could be put in place. But I think one needs to look at if the employee is feeling they need to take work home first.
You should not allow employees to cc their personal email accounts for work communications.
Your company should have an email server set up to send email to employees' mobile devices or provide web mail options so they do not have to "send through" their personal email accounts.
In many industries email contains sensitive information about developments related to your competitive edge. Many employees may be married to spouses who work for your competition, as an example.
There are legal concerns obviously, but there are competitive concerns as well. If you are working for a public company, and you are a consulting operation, you are asking for a lawsuit.
You may be asking for legal trouble if you are consulting to public companies and you are sending confidential information between personal accounts during a quiet period.
You need to discuss this with your house counsel and your
Going into the weeds is not necessary, just put the architecture in place.