Deployment of an email security gateway (ESG) is to prevent malicious email transmissions that can cause data breach and data loss. The ESG deployment includes not only the actual technology (product) itself, but all the other related features and processes that support it. We recommend that you take a 3-step approach to the deployment: 1) develop a roadmap to deploy your email security gateway; 2) create its supporting policies; and 3) educate your end users.
Step 1 – Developing an Email Security Deployment Roadmap
The best way to start a roadmap is to create a list of major topics you want to discuss. You’ll want to list the major topics and then provide short definitions for each. Here are five major topics you could cover in your roadmap:
- Technology Implementation – understand how to get your email security system working
- Policy Creation and Maintenance – develop policies around your security system and email
- Communication Plan – build a communication plan around your email developments
- End User Education – educate users on the new email security system and proper email use
- Email Information Page – build an awareness site.
Step 2 – Create supporting policies for your new email security
If policies are not already in place, we recommend that you create and/or refresh email communication and messaging policies to align with your new technology. Email policies should provide clear, important guidelines for users to follow.
Another benefit of having the email security policies in place is giving your clients and partners confidence and peace of mind. Having the email security policies in place means that you take business seriously and understand the need for information security. It also means that you take their and your data seriously.
Do you have concerns over legal issues regarding the email security policies? You are not alone! The good news is that most legal rulings have been in favour of companies dictating what employees can and cannot do while on company time. If you have any specific concerns, it is always a safe practice to discuss legal considerations with your counsel.
Here are some of the important items that should be in your policies:
- Outline what is expected of your users and what the consequences of violations will be
- Include statements on what can and cannot be done
- How to deal with unsolicited emails
- How to handle sensitive material and attachments
- Put your policies into a document that will be given to or viewed by every employee, current and future.
Step 3 – Educate Your Stakeholders
When deploying an email security system, there are two different groups of stakeholders: your executive team and the end users. The two stakeholder groups have different views on and questions regarding how the email security system is to be installed and managed.
For example, your executive team will want to know:
- What other organizations are using the selected solution (once one has been decided on)?
- How will the switch affect existing IT operations – what will improve, what will be lost and what needs to be created?
- Will your recommendations align with strategic business objectives to get buy-in?
- Will the solution allow IT to enable and accelerate the business, and how?
While your end-users will want clear answers to:
- Will anything actually happen to their emails and contacts, and if so, what?
- Will the new system have the same functionalities as the old one and are there plans to address any of the shortcomings in the new system?
- What will be the learning curve in using the new system?
- Will selected end-users be part of the process of selecting and doing end-user testing of the solution so that they can give their point of view feedback?
On our next blog, we will discuss how to create an effective communications plan and education materials for your end-users!
Let us help you choose the Security Vendor that is right for you
There are many tasks that need to happen before an email security system can be successfully rolled out and used properly. Our team of experts have worked with many organizations to help them build an appropriate email/data security solution and help stakeholders and users buy-in to it. Contact us today! Fill out the form below or send us an email to Cloud@ProServeIT.com. We will be happy to run a complimentary email security assessment for you and discuss how you can improve your organization’s email defense.
March 21, 2017
Comments