The Federal Records Act requires that emails of federal officials be public so that anyone who wishes to—including other government officials, news media and historians—can access them. Small-business owners may not have to worry about constituents, but they do have partners, employees, investors and possibly board members to answer to. And most small businesses have classified, sensitive and proprietary materials that shouldn’t get into the wrong hands.
Here are some tips to help you stay out of hot water when it comes to your and your employees’ email accounts.
Draw a Line
No good can come out of mixing private and company emails. As a business owner, it may be best to delineate between private and business emails, according to Eldonna Lewis-Fernandez, a veteran negotiation and contracts expert and author of Think Like a Negotiator.
“As a corporate employee who was building a business while working a corporate job, I had to toggle between two worlds,” Lewis-Fernandez says. “I could not use my corporate email for personal use and could not use my personal email for corporate use.
— Eldonna Lewis-Fernandez, author, Think Like a Negotiator
“The biggest concern when using your personal email for official business is the inability to track it and the possibility of information getting hacked and sensitive information getting in the wrong hands,” she adds. “This is why safeguarding of information is so critical, and keeping your official business official is paramount to protecting not only your company or organization but also yourself.”
Know Employee Email Rights
As an employer, you have the legal right to monitor employee emails on your company’s email system. Doing so may ensure that company proprietary information remains safe, and monitoring may enable you to head off trouble that might be brewing. At the same time, it’s also often important to note employee email rights.
Provide Employees With Guidelines
“Email remains the go-to form of online communication and often involves the transfer of sensitive and proprietary business information in both text and file format,” says Robert Rasmussen, COO of Balboa Capital. “Because of this, it is imperative that businesses have an iron-clad policy regarding the use of company and personal email. The email policy should be approved by company executives and a legal counsel, and be included in their employee handbooks.”
One best practice may be to provide employees with clear guidelines regarding company email use in your employee handbook. This may help ensure that employees abide by email protocol that’s best for the company and can protect your business if a legal issue arises regarding email.
In the employee email guidelines, consider spelling out rules regarding company email use. Note when they should use company email and when it’s best to use private email. Discuss when it’s acceptable to forward company emails and to whom. Tell employees if their company email is being monitored.
Protect Company Information
The misuse of email may present companies with a number of security and legal risks, Rasmussen suggests. “If an employee sends an email containing confidential information over an untrusted network that does not have the necessary security protocols, it can be read or copied during transmission,” he says.
Rasmussen advises that small businesses have their IT departments use best practices when it comes to securing and monitoring email communication.
“Network infrastructures should be equipped with firewalls, routers and anti-virus software,” he says. “For an added layer of protection, the mail server application and mail client application can be secured and email encryption technology can be deployed.”
Privacy Online May Not Truly Be Private
The bottom line is that any correspondence put into cyberspace—be it in a company or “private” email—cannot have a guarantee of privacy, advises leadership expert Roxi Bahar Hewertson, author of Lead Like It Matters…Because It Does.
“Anything we write or say electronically is recorded somewhere, like it or not,” she says. “If you don’t want it to show up on the front page of The New York Times, then don’t write it or say it in an email or text.”
Read more articles on cybersecurity.
This article was originally published on March 13, 2015.