Feature

posted 28 Nov 2006 in Volume 3 Issue 5

Workshop: E-mail management

The triple helix of people, policies and technology

Top e-mail consultant Dr. Keith Nicholson presents a practical three-step programme for successful e-mail management.

By Dr Keith Nicholson

If businesses had realised the true cost of implementing e-mail, would it be as prevalent as it is today? Possibly not; I suspect that had most firms been made aware of the enhanced risk and the wider issues that e-mail brings to an organisation, the cost of mitigating these risks and legislative exposure would have destroyed the business case.

The fact is e-mail arrived via the back door and we all innocently embraced it as a cheap and effective means of sending and receiving information. I have deliberately avoided the use of ‘communication’ in this latter sentence as e-mail is often an ineffective tool for communication.

However, regardless of the increased exposure it brings to organisations, e-mail is here to stay, so we must manage the issues surrounding e-mail. I first started using e-mail 20 years ago as a university professor and for the past decade I have advised businesses, both large and small, as well as public bodies, on the effective use and management of e-mail. This overview draws on these specific experiences as a consultant and CIO.

Figure 1 illustrates the e-mail landscape and reflects the 360° perspective of the e-mail lifecycle. As ever, within the triple helix of e-mail (people, policies and technology) it is the technology aspect that is most readily implemented and which commonly offers the fewest challenges to an organisation. For this reason, I am only going to summarise the key issues surrounding e-mail technology. However, I should first like to focus on the main challenges I have seen offered to organisations through e-mail.

Challenges

Most organisations, regardless of size or sector, are facing common issues.

These are typically:

Overwhelming e-mail volumes;
Increasing e-mail size;
Over-use destroying effectiveness of e-mail;
Negative impacts on staff productivity;
Negative impacts on staff morale or health;
Increasing risk and security threats;
Compliance-related issues;
Increasing and uncontrolled costs of hardware, storage and screening;
System-performance degradation.

Moreover, surveys have indicated that at least ten per cent of organisations experience e-mail abuse by staff. The propagation of viruses and worms by e-mail is well known, yet despite this documented threat, organisations of all sizes fall victim with concomitant loss of business and reputation.

One major firm lost e-mail for five days when its IT systems were compromised through a virus in an e-mail attachment. As this was their primary channel for client communication, the direct business impact was significant, but the loss of trust and confidence in them by their clients as a consequence of having their systems compromised was even greater. Despite the known risks to organisations of staff not using e-mail properly, more than 90 per cent of organisations provide little or no staff training in e-mail management.

This should be part of the employee induction programme. Citing that the e-mail use policy is in the employee handbook or on the intranet will cut little ice with the board should the organisation be exposed to litigation through poor e-mail management.

Retrospective introduction of policies and procedures is always challenging. In guiding organisations through this process, I have found the following three-step programme valuable in driving change while keeping focus and distributing responsibilities in what is a change management programme.

The three steps to success

Effective e-mail management involves a simple three-pronged strategy:

Good practice – in writing and managing e-mails; using alternative solutions;
Enforced policies – ensuring effective e-mail lifecycle management;
Effective technology – in screening, securing and storing e-mails.

By delegating each of the three-step programmes to discrete teams, rapid progress can be made in establishing and implementing sound e-mail management across an organisation.

Team one (good practice) will typically be composed of staff from training with assistance from IT around alternative technologies; it is beneficial for IT staff to be seen within the business as I have found this promotes greater engagement by all parties.

Team two (policies) is comprised of staff from HR, Compliance and Legal to write policies which are consistent with regulatory and legal requirements together with the enforcement mechanisms and disciplinary procedures. Union representation if appropriate is often engaged with this team. Team three (technology) lies within the remit of the IT department but should involve Legal to ensure evidential integrity is maintained on screening and storage of e-mails, and security as the physical security of the technology is also a factor.

Good practice

Good practice is simple common sense. The programme can be summed up as follows:

Housekeeping policies – integrated with the information lifecycle management procedures, encouraging users to take responsibility for their electronic workspace and information resources;
Mailbox size limits – a crude management device but one that can encourage users to take responsibility;
Archives, storage policies, procedures and technology – part of the information lifecycle management procedures. Note that whichever archive system is adopted, evidential integrity must be preserved. The time limit of storage is dependant on the sector and specific regulatory requirements, and this should be incorporated into the information lifecycle management procedures;
Effective use of e-mail – staff should be trained on the appropriate use of e-mail, alternatives available which are a more suitable application than e-mail (e.g. web-based collaboration systems) and the implications of casual e-mail use. This training should be part of the induction programme;
Release of e-mail address – part of the staff training programme, but worthy of specific comment.

Staff should be made aware of the risks associated with releasing their company e-mail address by signing up to e-mail newsletters on websites which will then sell on the e-mail address to spam companies. Free horoscopes are a good example of a sign-up that will yield hundreds of spam e-mails onto the company system.

Technology

There must be effective screening of incoming and outgoing e-mails for malicious code (viruses and worms, for example); inappropriate words and images; and sensitive information. Once e-mails have been received, further systems are necessary to store messages for short-term access, intermediate archiving and long-term storage.

Why is this important? E-mail software is not designed to be used as a storage facility, yet without controls and training in place, most people will understandably file e-mails within their e-mail system, typically under a series of folders. The result is a degradation of performance of the e-mail system and rapidly increasing costs as the IT department is forced to add more and more disk space to accommodate the ‘e-mail squirrels’ who keep everything.

Some may archive their e-mails following a system-generated request to do so, not realising that these are often being archived onto the local disk drive, not a system server. E-mail stored in this way cannot easily be searched; access to the information held within the e-mails is therefore restricted and this can be lost when the PC’s disk is reformatted or the employee leaves the organisation.

When presented with this argument, a common riposte from employees is along the lines of: “Does this matter? They’re my e-mails anyway.” Such a response arises from the legacy of ubiquitous e-mail use in both the domestic and business environments. The fact is e-mail is content, and the firm’s content at that, and as such should be subject to the same controls as physical assets.

While much e-mail traffic is casual in nature, a significant amount of messages do contain intellectual property and this must be preserved and protected. E-mail should therefore be stored in a consistent, controlled manner that enables enterprise-wide searching (for example, to ensure compliance with discovery requests) without unauthorised deletion.

The requirement for short-term access is commonly fulfilled by a document management system or a dedicated e-mail solution. The key constraint in selecting such a system is that the link between the e-mail message and any attachment must be preserved, and preserved in such a manner that evidential integrity is maintained should, for example, litigation involving e-mails arise.

Dedicated e-mail storage systems that compress, encrypt and permit searching across the entire store are now widely available and offer an ideal approach to intermediate storage and, perhaps, long-term storage – though this is still often addressed through tape systems.

There is an interesting trend in e-mail volume and size (see figure two) which emphasises the need for an effective storage system for e-mails and linked attachments. E-mail volumes are stabilising, the amount of e-mail being delivered is rising more slowly, but despite this, the storage requirements for e-mail are rising exponentially. The reason lies in the increasing use of large attachment files resulting in a huge increase in the size of individual e-mails.

People

I have already highlighted in the section above some of the issues surrounding the ‘people’ aspect of e-mail management. Changing established behavioural patterns and getting buy-in for these changes is essential if e-mail management is to be effective. However, as in any change management programme, staff must be given appropriate guidance and training in the adoption of the new policies.

To overcome the inherent resistance to change felt by most people, to establish e-mail as part of the formal corporate communication chain and to make e-mail more effective, I have used the following ‘what, where, how and why’ as the basis of training programmes and e-mail use policies:

What to put in an e-mail – for example, company policies on content, contract negotiations, personal additions to formal e-mails;
Where to use e-mail – remote access, web mail options and controls;
How to use e-mail – getting the most out of the desktop software;
Why use e-mail – are there more effective communication channels?

The key messages that these training programmes are intended to emphasise include:

E-mails are organisational information;
Manage e-mail as formal documents/records;
Apply an information lifecycle management policy – including archiving and eventual destruction policies;
The e-mail system (the inbox) is not a storage facility;
Use e-mail strengths – recognise weaknesses;
Use alternatives to e-mail.

Controlling the inbox

Some people allow their inbox to rule their working day – they always respond to the arrival of an e-mail, disrupting the task in hand and probably not giving the e-mail reply the attention merited either, leading to lengthy e-mail exchanges. These e-mail slaves need help, so here are some simple tips for staff to free themselves from e-mail slavery:

Organise and filter e-mails – avoid your inbox becoming a cluttered mess of unorganised messages;
Mute the audible e-mail alert – it is not necessary and too distracting for everyone in the office;
Set specific times to respond to e-mails – check e-mails regularly but at specific times; introduce some structure to your response to the inbox;
Enable spam filtering – minimise junk mail as much as possible and encourage the use of an outsourced e-mail screening service if possible;
Housekeeping and archiving routine – follow your company policy for deletion and archiving. Keep the size of your own e-mail stores and inbox to a minimum.

Behavioural changes

To improve the use of e-mail requires a change of attitude among staff and, possibly, a culture change across the organisation. Changes in business processes to include e-mail in the information management lifecycle and storing e-mails in a document management system will encourage staff to regard e-mail as corporate information and therefore of corporate value.

Changing our own behaviour in how we manage e-mails is a good start, but the organisation as a whole needs to implement and enforce some basic awareness and behavioural principles to achieve an organisation-wide, responsible e-mail culture. Here are some examples of rules which have been successful, adopted by several organisations:

Use ‘reply to all’ appropriately and do not ‘carbon copy’ (cc) widely – these features alone are responsible for much unnecessary bloating of the inbox;
E-mail is corporate content and should be written appropriately in business language and style. Using a casual approach to language can lead to misunderstandings and a poor image of the firm;
Exploit the strengths of e-mail. As a tool for the rapid transmission of large amounts of information it is very effective, less so as a team communication tool;
Use alternative channels to e-mail, such as the intranet or online collaborative tools;
Talk. Most people can talk faster than they can type. It is easier to have verbal discussions and verbal briefings are most effective as they allow easy question and answer sessions (which are much more efficient than lengthy e-mail exchanges). Speaking directly permits quicker, easier explanations that are less likely to be misunderstood than quickly written, poorly constructed e-mails; finally, talking together enables a team dynamic to be established, something which is impossible by e-mail.

E-mail alternatives

To reduce the burden on e-mail systems and inboxes, staff should be encouraged to use alternative systems where these are more effective. Examples of practises which I have seen effectively deployed include:

Use the intranet for announcements and general information delivery;
Use a web-based collaboration forum for discussions between projects teams or communities of interest;
Discussion boards either within a Microsoft SharePoint collaboration solution or as a stand-alone resource;
Web conferencing can be more effective for lengthy discussions than multiple (and long) e-mail exchanges;
Use instant messaging for short, informal internal messages (although do note that opinions differ widely on the use of instant messaging and whether this merely introduces yet another distraction, not to mention another information stream to monitor and archive).

Policies

The creation and implementation of policies and procedures will introduce a framework of governance around e-mail. This not only mitigates the inherent risks introduced by e-mail but, should problems arise, staff and the company should have established systems in place to rapidly address the issue. Below I have listed typical examples of items to be included in the policy portfolio. These may all be embraced within a single e-mail use policy, or included within a series of policies:

Acceptable use, content, disclaimers – a description of acceptable behaviour;
Audit and monitoring, privacy – clear specification of the firm’s policy on e-mail monitoring and the privacy of personal and business e-mails;
Enforcement – a description of the procedures that will be employed to enforce the firm’s policies and the disciplinary action and escalation procedures;
Segregation of roles and responsibilities – this is particularly important should disciplinary issues arise. Typically the human resources department will review e-mails that have been blocked on content, not the IT department, since it could be argued the IT staff have the knowledge to change the content of an e-mail;
Storage, archiving, retention and deletion – clear descriptions of what system to use and when;
Access control – under what circumstances can other staff read e-mails in another person’s inbox in their absence (for example, between the personal assistant and director)?;
Encryption, mobile, remote communication – procedures around the use of corporate e-mail systems from external resources and the precautions staff must adopt;
Staff induction and training – a clear programme to include the ‘what, where, how and why’ of e-mail management.

Business benefits

As with any IT or change management programme, there must be clearly defined business benefits to warrant the financial and time investment in the procedure. In building a business case to justify investment in e-mail management systems, consideration should be given to benchmarking the present position against agreed metrics, so that progress can be shown against a starting point.

In addition, there should also be agreement within the organisation about the end-goal benefits of the project and determining suitable metrics against which progress can be measured and demonstrated.

Typical benefits include:

Improved systems management;
Adoption of alternatives to e-mail;
Improved productivity;
Compliance across multiple regulations;
Addresses common problem areas of risk;
E-mail as content – attitude/cultural change.

In addition, subsidiary benefits may be accrued as the project unfolds; these should be enumerated and metrics used against some or all of these. In this way the project can be shown to be providing added value and real return on investment.

Keith Nicholson is a former CIO and winning medalist in the IT Director of the Year Award. He has held directorships in FTSE 250 companies, with responsibility for global e-commerce, IT, information security, information management and knowledge management. He has also led the IMS Strategy Branch for the Scottish Executive. A regular conference speaker, Nicholson delivers in-house corporate strategy workshops and consultancy. He can be contacted at: keith@keithnicholson.com.

This Workshop was extracted from the recently published Ark Group report, E-Mail Management, produced by Joanna Goodman. To order a copy, please contact Adam Scrimshire, ascrimshire@ark-group.com.