• Do you or your agency have an established policy regarding e-mail usage?
  • Do you or your agency provide guidelines with regard to e-mail retention and proper documentation?
  • Do you use virus detection software?
As an insurance agent or agency owner, if you answered 'no' to any of the above, then it is time to reassess your e-mail security procedures and practices. Keeping your e-communication policies up to date is an essential part of doing business in today's technologically savvy world.

With the proliferation of e-mail as a major vehicle for correspondence between insurance agents, agencies and their clients, you need to establish guidelines and best practices to maintain quality control. And, as those who work with agents E&O claims have found, proper documentation of the client's transactional file can greatly limit your exposure and permit a successful defense in the majority of E&O claims.

E-mail Communication Policy

The basic tenets of an e-mail communication policy begin with the definition of the proper usage. There are several things you need to consider in order to develop a comprehensive e-mail policy.
  • Determine your position on e-mail. What is acceptable use of e-mail within your business? For example, can it, or should it, be available for personal use?
  • Set size restrictions and develop systems gatekeepers to block large files. You need to decide if size restriction on file attachments should be employed and if so, what is the restriction size? Many businesses cap the size of an attachment at 5 MG or less to prevent large blocks of data from being transmitted.
  • Do you and your staff know how to craft proper e-mail messages and are you willing to provide guidelines on creating e-mail messages? Agencies should consider providing an e-mail etiquette course or developing a manual for employees that provides suggestions and recommendations on writing e-mail content, tone of e-mail messages, how to write a subject line, use of spell checkers and proper grammar.
  • Outline "acceptable" and "unacceptable" usage:
  • Acceptable Use: client communication, internal communication, vendor communication may all be deemed appropriate communications via e-mail.
  • Unacceptable Use: many businesses do not allow pornographic, obscene, insulting or threatening e-mails, chain letters, jokes, or solicitations for personal gain.
  • Be sure that your e-mail system utilizes password security. Learn how to create and use strong passwords. For example, use passwords with at least eight characters including letters, numbers and symbols. Passwords should not be the name of your spouse, pet or favorite vacation spot.
To Keep or Not to Keep

Striking a balance between enjoying the efficiencies of e-mail and ensuring proper documentation can be challenging. But in the eyes of the law, e-mail CAN BE considered a business record. By using unstructured e-mails without guidelines for documentation, you could be getting more efficient in the wrong activities. Lack of documentation is the single leading cause of paid losses in E&O claims.

While a well-documented e-mail file will not prevent lawsuits or disputes from arising, it can be an important tool in defending against claims. Therefore, as an insurance agent, your e-mail should be understandable and complete enough to be accurately interpreted if read on its own.

E-mails should not contain anything detrimental regarding your business or clients. This means that agents and employees should be given comprehensive guidelines as to what to retain and what to delete.

There are many types of e-mail messages that should be retained indefinitely. The following is a list of some that should be considered:
  • Any messages dealing with litigation, subpoena, or anticipated litigation or subpoena.
  • Any client communication or business -related e-mail that is sent to an external party.
  • Any messages dealing with employees, employee issues or personnel data such as: vacation requests and policies, family leave, compensation and employee reviews, other employee administrative messages, recommendations, administrative actions.
  • Any communication that have records retention requirements mandated by statutes, regulations or other laws, such as regulatory, financial reporting, tax, employee matters, or anti¬trust information.
As more and more court cases highlight the legal liability that e-mail can create, agents and business owners need to impress upon employees that all e-mail is the property of the business and, as such, is subject to review without notice, or in the event of an audit or legal situation, could become evidence. To that end, you must also establish clearly and succinctly what should always be retained and what can be deleted.

Viruses, Hoaxes and Spyware - the Triumvirate of System Doom

The main conduit for virus proliferation is through e-mail. And, not all viruses are transmitted through personal e-mail. Viruses can be attached to e-mails that "look" like business e-mails. Agents and business owners need to educate employees to be aware of suspicious e-mails - those whose origin may be questionable, unidentifiable or suspect. These e-mails should be deleted without opening, or immediately forwarded to your security IT group.

There are several reliable software programs in the marketplace designed to detect viruses, spam and other threats to your business computer system. Most businesses today could not function for long without such a system.

Additionally, many software companies provide resources which you can utilize to check on threats. Three companies that provide security software also provide web pages that will give companies and consumers information on the latest threats. These web pages are maintained by McAfee, Sophos and Symantec. Even if your business does not own this software, you can avail yourself of the website information to assess any threats.

McAfee's web page provides users with up to date information and threat assessment on viruses and hoaxes that are transmitted via e-mail.
http://us.mcafee.com/virusInfo/default.asp

Symantec maintains a webpage dedicated to threats called "Threat Explorer." Here you will find up to the moment data on the latest hoaxes, viruses, spyware, adware, and joke programs. The site provides details on the threat, how to recognize it and how to remove it.
http://www.symantec.com/business/security_response/threatexplorer/risks

Sophos, an alternative to the industry twosome of McAfee and Symantec, provides a "Threat Analysis" section which contains a listing of all viruses - their names, damage they inflict, how to protect against and when detected and how transmitted. In addition, it also maintains sections on spyware and adware and hoaxes.
http://www.sophos.com/security

Effective e-communication strategies will provide a defense for agents and agencies against system error, loss of documentation and system infiltration. Basic practices will lead to best practices, and enable you to protect your data and business.

*This information does not purport to be nor should be construed as legal advice and is not intended to replace professional/legal guidance on compliance issues that pertain to your organization. It is strongly suggested that you seek advice from recognized compliance experts and competent legal counsel, to advise about and determine your needs. The NAIFA Professional Liability Insurance Program is administered by Affinity Insurance Services, Inc.; in CA, MN and OK, AIS Insurance Agency, Inc. (CA Insurance License #0795465) and in NY, AIS Affinity Insurance Agency.

X-6768-808

Download the article as a PDF

Risk Management






McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams


Insurance License Information
© 2009 Affinity Insurance Services, Inc.
NAIFA-endorsed Professional Liability Insurance Program