There are a variety of business, legal, regulatory, and even cultural issues associated with taking a proactive stance on email and addressing the risk that it brings to an organization.  We work with a variety of companies and although there are certainly industry and even company-specific nuances, a minimum threshold approach to regaining control over email applies.  So to really boil this down to basics, here is what you can do tomorrow (or even today) to not only mitigate risk but take real cost out of the messaging infrastructure.

1.  Perform an audit of your traffic to see what is really going on

Whether you use a company like MessageGate or perform this analysis yourself, take a look at what is going on and who/what sends and receives the most of what kinds of messages.  The results are eye opening and low hanging fruit abundant.

2.  Implement attachment parking

The 50% of your email volume that is MS Office files can be removed from the stream by stripping the attachment and replacing it with a hyperlink to a certain file share or even MS Sharepoint.  Doing this for internal traffic alone will significantly reduce server load, duplicate attachments floating around, and archive strain.  No workflow disruption, no end-user changes, and minimal technology (you probably already own Sharepoint even if you aren’t actively using it….yet)

3.  Implement end-user self-review for three specific things:

a.  Entertainment files over 70k (image, audio, video files) sent internally or externally
b.  SSNs being sent externally either in text or attachment(s)
c.  Inappropriate language internally and externally

The ONLY way to fix these organic business processes (and bad habits) is to increase end-user awareness.  The best way to do that is not through a training seminar or "email awareness email" but a real-time corrective response that the sender can control.  Want to send that spreadsheet full of SSNs outside the company?  Fine, you can override the warning but be ready with an explanation should the Privacy/Compliance folks coming knocking.  Want to go a step further?  Automatically encrypt an email containing an SSN as it is sent removing the the dependency on the end-user to use a tool other than their mail client.

Do these three things and you will see immediate cost and risk reductions without having to come up with a master solution to the "email problem."