At first glance, user access to mailboxes and emails can seem reasonably straightforward. However, there is a wide variety of reasons why a company or an individual may need to grant or restrict access to certain emails.
While every situation may be different and protocol will vary, ensuring policies and processes are in place can help prevent complications further down the line. Granting access to mailboxes can cause legal problems, so maintaining best practices is incredibly important to protect everybody at every level.
Here are some things to think about when your IT company receives a request to access another user’s mailbox.
Permission and Authorisation
In an ideal situation, nobody from any company would randomly request access to another person’s emails. If a request is made, there should be an existing process for the IT company to follow to ensure that permission is authorised and granted by the right people.
If no official approval process exists, the technician should refer the request back to the company and not just grant access, even temporary access. Permissions and authorisations should be carefully defined in advance so that in emergency situations where delays could be costly, the IT company is not pressured to grant access.
Authorisation and permission should always be in written form and not given verbally unless the conversation is being recorded. Having clear documentation from the company may be important later on if access is disputed or harmful practices are found. Often, HR work alongside legal departments to put policies in place so authorisation is clear and never in doubt.
Types of Access
Aside from determining who should or should not have access to other users’ mailboxes, the type of access granted will vary from situation to situation. No IT company should assume that full access should be given.
While some situations may call for complete access, including using, editing, sending and more, at other times, viewing access may be sufficient. Reviewing and monitoring are sometimes standard practices for line managers, but full access may be unusual and require additional support and permissions.
The other thing to consider when giving a type of access is the level of transparency. Sometimes the end user is aware their emails are monitored as part of standard business practice. However, there are some occasions when access needs to be given without informing the user. Again, ensuring the correct permissions and authorisations are in place is crucial for this type of access and documenting the access may be needed for legal reasons.
Data Levels
Another often overlooked aspect of granting access is the amount of accessible data. In some situations, giving access to a full mailbox may be impossible unless a machine has the space to store the associated data.
The mailbox size may require additional support for access to be granted on another machine. This includes but is not limited to cached files. For example, caching a mailbox may take up more space than is available. Limiting access and availability and using cloud storage may be more appropriate and efficient. A delegated access mailbox may be enough for business functions instead of unnecessarily creating an additional mailbox.
Best Practices in IT
As technology remains at the heart of business and laws surrounding data protection and access remain crucial, maintaining a standard of IT support becomes vital. IT support companies should operate using a set of practices and standards to ensure that accessing emails, sharing data and granting permissions are closely controlled.
For more information on implementing a set of IT best practices or to discuss data protection and permissions, get in touch with us today.
