Force Employees to Empty Their Mailboxes.

Do you know what your employees are storing in their electronic mailboxes? You may be surprised to learn some employees are saving e-mail messages from years gone by.

The problem is not merely electronic clutter. It is more serious than that. In case of a lawsuit, a forensic investigator first would ask for all the messages in your employees' active mailboxes. Next would come a request for backup tape. Finally, hard drives might be reviewed, if the forensic expert had reason to believe employees were storing information there.

An empty mailbox is a safe mailbox. Clean out overstuffed employee mailboxes with a combination of education and automation.

1. Reach out to your employees. Explain the organisation's e-risks, and issue e-mail deletion guidelines individually. Tell employees you do not want them to hold onto old e-mail messages. Discourage employees from storing e-mail on their hard drives as an alternative to their mailboxes.

2. Explain to employees how the manual delete folder works. Many people do not realise that messages will sit in the delete folder forever unless the user takes steps to empty it.

3. Control whatever you can centrally and take advantage of new, more sophisticated management software as it becomes available. Assign limited e-mail space on your file server. Reduce the size of mailboxes; employees who tend to oversave mail will simply run out of room.

4. Install software that allows your e-mail systems administrator to empty employees' delete folders automatically every 30 days.

5. Be alert to the fact that your employees may be storing information on their hard drives to side-step automatic deletion. Because no software exists to alert employers to the fact that employees are saving messages to the hard drive, education plays an important role. Make it clear to your employees that saving messages to the hard drive violates the organisation's e-policy. Stress the fact that were the organisation to be sued, all the material on employees' hard drives would be subject to legal review.

Limit Liability by Enforcing Risk Management Policies.

Rely on your e-policy team to ensure the successful implementation of your e-risk management policy and your comprehensive e-mail, Internet, and software policies. In particular, the human resources manager and chief information officer should play active roles in the introduction of e-policies and ongoing employee education.

An effective e-risk management program should combine technological tools with people skills. Utilise all the e-risk management software at your disposal; then add a big dose of common sense to the mix.

Hush . . . Keep Your Password to Yourself.

Would you buy an expensive luxury car, then leave it sitting unlocked in a public parking lot with the keys in the ignition? Doubtful. Do you go to sleep at night with all your doors and windows standing open and unlocked? Unlikely. Would you leave your purse or wallet sitting in plain view in a high-traffic, open-office environment? Surely not. Most of us go to great lengths to safeguard our personal property. Too bad we don't give the same consideration to our business assets.