Before using email and Internet Content Security tools or endpoint security solutions, you should establish an Acceptable Use Policy (AUP) and inform employees of their responsibilities and rights regarding company network resources. Education should include addressing issues surrounding email, Internet and removable media usage.
Consider addressing the following issues when developing an Acceptable Use Policy. The list below is not intended to be exhaustive, but includes suggestions that might help you when addressing areas relevant to email, Internet and removable media usage:
Managed Web Browsing (PDF, 400KB)
Email and Web access are organizational tools provided for business, research or educational use. Employees should not have an expectation of privacy in anything they create, store, send or receive on their computer.
The use of removable storage devices in the workplace – whether owned by the company or the employee - also needs clarification.
The adoption of an Acceptable Use Policy will be much smoother if users are educated on acceptable use.
Many organizations find that when they allow limited personal use of the Internet and email, employees are more productive than if personal use is completely prohibited. This may also apply to personal, portable media devices such as USB sticks and MP3 players.
Another critical factor related to personal use is consistency with regards to enforcement and setting precedents. It can be very detrimental to suddenly ban users from certain types of personal use when that use has been acceptable in the past.
Common examples of prohibited use include transmitting, storing or receiving communications that are discriminatory, harassing, obscene or X-rated, abusive, profane or otherwise illegal. There should be clear repercussions for unacceptable use, such as disciplinary action. There should also be clear procedures for how unacceptable use will be handled when it is detected.
Proprietary information should not be divulged improperly. Highly confidential information, such as company trade secrets, new product plans and sensitive customer or employee information should not be sent out via email or the Internet without encryption. Such information should also not be allowed to be copied onto removable storage media.
You should inform employees that they could be held responsible for the content of all communications they store or send using email or the Internet. All email should be identified with a name or email address; employees should not attempt to hide their identity or place someone else's identity on company communications (spoofing).
Employees should also be informed about copyright issues relating to electronic copies of documents obtained via email or the Internet, and copyrighted materials that are copied onto removable media.
If a company plans to monitor or otherwise enforce the Acceptable Use Policy, this should be clearly stated in the policy. It should also state that all communications sent or received via email and/or the Internet are the property of the company which reserves the right to monitor all messages/files on the company's network. The policy should also state that it reserves the right to monitor all company documents that are copied onto removable media and enforce the AUP accordingly.
Informing and educating users about the Acceptable Use Policy provides a number of benefits.
Marshal's content security and endpoint security solutions can play an important part in monitoring and enforcing compliance with your Acceptable Use Policy.
MailMarshal can manage email based on:
WebMarshal can control browsing activity based on:
Marshal EndPoint Security can protect your data both on and off the network by:
MailMarshal, WebMarshal and Marshal EndPoint Security all provide comprehensive reporting on content that has been transmitted (file, names, sizes, senders or users).
