In order to correct a problem, you must understand what is causing it.  There is no dispute or disagreement about corporate email being a "broken" tool/process/technology.  The question is – what can you realistically do about it incorporating all the elements previously discussed here including habits, regulations, laws, and existing processes?  We’ll get to that.  For now, here is a way to frame the problem on two levels – Risk & Operations.

Risk

Targeting the risk aspects of email proactively has close parallels to why you have insurance.  You only need it if something happens.  Well, just as cars run into each other every day, your employees are doing things every day to that expose your firm to risk and possibly liability.  The "something" is happening!  It may not always escalate to an incident/investigation/lawsuit, but it does have real business impact.  Burying your head in the sand or deciding to address it after it happens is a less than prudent way to handle it.

Liability – every email sent is a date/time stamped record of activity and often get labeled as "smoking gun" emails because of the conclusive and indisputable truth they convey.

Retrieval headaches & discovery pain – firms struggle with finding it all in every nook and cranny as well as proving that their copy is authentic.  "We don’t have that one" is a plausible defense and puts the other party in the position of proving the one they have is real, authentic, and not altered/created to prove their case.

Operations

Email is a true business process tool as its flexibility and ease of use underpin every major business process in your company.  From how you invoice customers to how you negotiate contracts.  That means a lot of email every day from a lot of people.  Here’s the problem – it is losing its effectiveness because the meaningful stuff is being drowned out by the noise.

Volume and increasing recipient immunity – volume is growing at 20-30% CAGR and, as Malcolm Gladwell points out, we are building immunity to it.  There are things banging around your email network every day that don’t need to be there.  Go check your fancy copier/fax system – it sends email alerts when the toner is low.  Or find out the favored tool to check network performance.  My guess is that huge volumes of emails are sent to see how the network is performing.

Effectiveness and use as a direct communication substitute – it’s easier to send a message with capital letters and exclamation points than it is to have a face-to-face confrontation.  I use to work with a guy like this and some of his email rants were masterpieces but he would fold like a spanked puppy in a face-to-face encounter.  Email is not a substitute for conversation and definitely not a place for confrontation (see point on smoking gun above).

Ok great.  So now I have stated the problem.  I fundamentally believe that it is intellectually lazy to state a problem without being prepared with a suggested solution (reference post on "Spot it, Got it" for details). 

Stay tuned…

There are a variety of business, legal, regulatory, and even cultural issues associated with taking a proactive stance on email and addressing the risk that it brings to an organization.  We work with a variety of companies and although there are certainly industry and even company-specific nuances, a minimum threshold approach to regaining control over email applies.  So to really boil this down to basics, here is what you can do tomorrow (or even today) to not only mitigate risk but take real cost out of the messaging infrastructure.

1.  Perform an audit of your traffic to see what is really going on

Whether you use a company like MessageGate or perform this analysis yourself, take a look at what is going on and who/what sends and receives the most of what kinds of messages.  The results are eye opening and low hanging fruit abundant.

2.  Implement attachment parking

The 50% of your email volume that is MS Office files can be removed from the stream by stripping the attachment and replacing it with a hyperlink to a certain file share or even MS Sharepoint.  Doing this for internal traffic alone will significantly reduce server load, duplicate attachments floating around, and archive strain.  No workflow disruption, no end-user changes, and minimal technology (you probably already own Sharepoint even if you aren’t actively using it….yet)

3.  Implement end-user self-review for three specific things:

a.  Entertainment files over 70k (image, audio, video files) sent internally or externally
b.  SSNs being sent externally either in text or attachment(s)
c.  Inappropriate language internally and externally

The ONLY way to fix these organic business processes (and bad habits) is to increase end-user awareness.  The best way to do that is not through a training seminar or "email awareness email" but a real-time corrective response that the sender can control.  Want to send that spreadsheet full of SSNs outside the company?  Fine, you can override the warning but be ready with an explanation should the Privacy/Compliance folks coming knocking.  Want to go a step further?  Automatically encrypt an email containing an SSN as it is sent removing the the dependency on the end-user to use a tool other than their mail client.

Do these three things and you will see immediate cost and risk reductions without having to come up with a master solution to the "email problem."