1. Create a reasonable and enforceable policy.
2. Spell out privacy expectations clearly.
3. Require that each employee sign the policy. Issue frequent policy reminders.
4. When the policy is broken, consult the legal department and have an immediate conversation with the employee, accompa- nied by a human resources representative.
5. Don't limit employee training to policy issues. Also include etiquette, proper use of group mailing lists, and information about recognising scams and urban legends.
6. Limit employee mailboxes to an appropriate size (CIOs inter- viewed for this article recommended a range from 15MB to 150MB depending on the type of work).
7. Consider your potential legal liability in determining how long to store messages.
8. Consider filtering tools, but be aware of the limitations.
9. Install two different antivirus software packages (one for servers, one for desktops).
10. Teach users to distrust all attachments, particularly unexpected ones.