In your company, communication is the circulatory system that keeps business moving. Next in line after telephone, E-Mail is the second easiest way to reach someone online. Sending documents, personal information, jokes and virsus are the most common types for information to be sent through e-mail.
There are some serious security considerations that should be known to everyone who has any responsibility for their e-mail system and it’s users. E-Mail is NOT secure, EVER. I say this because unless your using it in house only, you never know where it’s going to go when you send it.
If you make a typo, someone else may get the e-mail. If, for example, you send and e-mail to someone@here.com but you sent it to someone@there.com well, there may not be a someone@there.com but the domain owner of there.com may be using a catch-all to read mail sent to any address @there.com and knows that people often mistake here.com for there.com. By doing this the owner of there.com is skimming any information that may be intended for here.com and may also be selling any e-mail address he finds.
E-Mail was invented in 1982 and was never intended to be used as long as it has been. So, as such it should be used appropriately and by implementing an E-Mail Security policy will help mitigate data leakage. Remember, educated users are in much less danger than users who are uninformed of the risks.
Here is sample E-Mail Policy that I use. Feel free to use it as a template for your own organization.
Mashable just did a story about this very subject.
A Bank sues a gmail user because the Bank sent confidential information to that user by accident.
http://mashable.com/2009/09/24/bank-sues-google-identity/