5 Steps to Email Compliance


Your email is NOT secure.

For most businesses, email is a vital method of communication. Many organisations rely on email to send confidential information within and outside the business. The widespread use of email for confidential information makes it highly vulnerable to exploitation. In fact, email accounts for 35% of all data loss incidents, a recent study found. So with huge potential to cause harm to your business, there is a need to secure, control and track email messages and attachments wherever you send them.

94% of businesses that suffer a data loss will experience a negative repercussion
43% of these companies will go out of business
61% of businesses are not prepared for insider threats
40% of data loss is due to human error

Unfortunately, there is no guidebook or plan that will help you comply with every regulation for email communications. Every organisation is unique. However, there are a few steps every business can take to simplify the task of developing an email compliance policy.

1 Determine what applies to you

Is your organisation subject to any regulations? Probably, if you are in the healthcare, financial or legal sectors. What requirements exist to demonstrate email compliance? Do any of these regulations conflict?

Try to determine whether you need a different policy for each regulation, or whether a single comprehensive policy will do.

2 Identify what needs protecting

This will depend on which regulations your business is subject to. You need to identify what confidential information is being sent via email. You might be surprised at just what your users are sending by email. This could include credit card details, health records, or any personally identifiable information.

You need to determine who has access to send and receive such information. Then you can set policies controlled by technology to encrypt, archive, or even block the transmission of email content based on users, keywords or any other method of identifying data that is deemed to be sensitive.

3 Track data leaks and losses

Once you understand what data is being sent via email, you can track if and how data is being lost through email. Are breaches occurring inside your organisation? Are certain users sending data they shouldn’t be? Are confidential files being emailed out of your business that could cause your business harm?

4 Identify the solution you need

Having a solution to enforce your policy is as vital as the policy itself. Here are some solutions that can be implemented to ensure your policy is enforced:

End-to-end Encryption: this ensures that data remains confidential between the sender and recipient, preventing unauthorised access or loss.

Data Leak Prevention (DLP): Often essential for email compliance, this provides content filtering, authentication and permission rules to limit access and transmission of sensitive data sent within and outside of your organisation.

Archiving: Some regulations require that email is retained, indexed and remains accessible for a period of time after transmission. When encrypted and backed-up, archiving provides you with additional protection against loss and unauthorised exposure.

Antivirus: gives your business additional protection against exploitation or loss, by defending against phishing and other attacks that could compromise the security of your business data.

5 Educate your users

A good compliance policy will focus on user education and enforcing policies for acceptable use. Unintentional human error remains one of the most common causes of data losses, so many regulations require the education of users who could potentially breach your policy. When users understand the consequences of non-compliance, and the technologies in place, they will be less likely to let their guard down and make mistakes.

How we can help

At m3, we have a number of solutions that can help you become email compliant:

  • Office 365: the route to compliance and better security starts with having a business-class email system in place. Office 365 is the go-to solution for businesses of all sizes.
  • Cirius Secure Messaging: a simplified, secure, cloud-based communications and information management solution that enables companies to protect and control email and valuable company data. Over 7000 customers worldwide.
  • ESET Endpoint Security: provided to customers as a fully-managed antivirus solution, ESET provides zero-hour protection against virus and malware threats.
  • FuseMail: a cloud-based email filtering and security suite. It provides spam filtering services, as well as scanning inbound and outbound email for viruses.

For a chat about how we can help your organisation, call us on 01738 237001.
