In your company, communication is the circulatory system that keeps business moving. Next in line after telephone, E-Mail is the second easiest way to reach someone online. Sending documents, personal information, jokes and virsus are the most common types for information to be sent through e-mail.

There are some serious security considerations that should be known to everyone who has any responsibility for their e-mail system and it’s users. E-Mail is NOT secure, EVER. I say this because unless your using it in house only, you never know where it’s going to go when you send it.

If you make a typo, someone else may get the e-mail. If, for example, you send and e-mail to someone@here.com but you sent it to someone@there.com well, there may not be a someone@there.com but the domain owner of there.com may be using a catch-all to read mail sent to any address @there.com and knows that people often mistake here.com for there.com. By doing this the owner of there.com is skimming any information that may be intended for here.com and may also be selling any e-mail address he finds.

E-Mail was invented in 1982 and was never intended to be used as long as it has been. So, as such it should be used appropriately and by implementing an E-Mail Security policy will help mitigate data leakage. Remember, educated users are in much less danger than users who are uninformed of the risks.

Here is sample E-Mail Policy that I use. Feel free to use it as a template for your own organization.

Why do you need a Laptop Policy?

Here is an example Laptop security policy. I have found it extremely helpful in aiding me in making mine. It’s difficult to think of all the different situations that can occur   and this template for a laptop security policy is just a lifesaver. I strongly encourage the enforcement of encrypting your company’s laptops because laptop theft is on the rise, and laptops were intended to be taken out into the world. It’s a company trip and you leave the room for some dinner, to return to find that your laptop is missing. Not only is your work and resources now robbed from you, but the hidden costs of data leakage in enormous. An average estimate for stolen data from Laptops results in $70,000 in damages per laptop in 2008. Can you afford NOT to take precautions?

Start with a strong Laptop Policy that stresses the importance of such things. Let me know if it looks like anything is missing.

Download from From ISO Security