Is Sharing Inboxes Really Against NIS2 Compliance?

Asked By CuriousCat123 On

Hi everyone! I could really use some advice regarding my company's push for NIS2 compliance. Although we're not technically required to follow it, we want to be proactive since many of our customers expect it. However, there's a big change that's causing headaches: we've been informed that sharing individual inboxes is now off the table. While we do have a few shared team mailboxes still in play, we usually rely on accessing each other's inboxes for continuity when someone goes on vacation or is out sick. This allows us to manage supplier quotes and customer communications effectively.

Instead, the plan is to auto-forward emails to a shared 'away inbox' when someone is unavailable, meaning we lose all the context from previous conversations. IT insists this is the only compliant method under NIS2, but my gut tells me there might be alternative solutions out there.

So, I'm reaching out to see if any of you have experience with NIS2 compliance. Is it true that sharing inboxes is no longer an option, or have you discovered workarounds that maintain both compliance and efficiency? Any insights would be greatly appreciated! And feel free to poke fun at me for being 'that sales guy' if you want.

4 Answers

Answered By PrivacyAdvocate On

In my experience, sharing employee mailboxes can indeed be a problem, especially in California or under certain European privacy laws. Even if an employee misuses their work email for personal stuff, sharing could breach their privacy rights. What might work better is transitioning to a CRM or other organized tool that tracks sales processes and keeps things compliant. It's all about finding a solution that helps everyone stay informed without crossing privacy lines.

Answered By TechGuru99 On

Hey! I totally understand your frustration with the shared inbox situation during the NIS2 compliance process. From what I’ve learned, there isn’t a strict rule banning shared access to personal inboxes; the emphasis of NIS2 is on controlling and tracking sensitive data. Instead of losing that email context through forwarding, some sales teams I know have used tools that integrate Outlook with SharePoint, allowing secure email storage while keeping compliance in check. It might be worth looking into solutions like this to maintain workflow without jeopardizing compliance.

Answered By TheRealMVP On

I get what you're saying! I think the issue here is likely an overreaction to compliance standards. Sure, NIS2 calls for accountability, but it doesn’t necessarily mean you must wipe out workflows that work well. Shared permissions with proper auditing could probably keep you compliant without complicating everyone's day-to-day. Good luck trying to convince your IT about that!

Answered By DanishDynamo On

As a fellow Dane, I totally relate! That being said, I highly recommend reading the actual NIS2 law and any guides that are available. You'd be surprised how often these interpretations can be off-base. Your situation seems to hit on an XY problem; it sounds like the security team is using compliance to curb practices that might not be ideal for security in the first place. Just keep in mind that CRMs are perfect for managing your sales tasks and shouldn’t involve personal inbox sharing.
