By now almost everyone has heard of Instant Messaging or IM. Depending on your generation, you either are an avid user or your children use it. What started out as a social networking tool for adolescents on the home computer is now gaining recognition in the office environment as an alternative communication tool. Do you know all of the capabilities and risks of this casual tool?
Instant Messaging use has merit –
it is quick, direct and conversational – like a phone conversation, yet you can still multi-process
it supports group talk – several people in one conversation or session accounts and
usage is typically free via the major providers – MSN, Yahoo, AOL
Since it is often not formally implemented by the company as a work tool, it is considered personal and lacks oversight. Many employers do not even have a written usage policy. IT views it as one less area to monitor and support. Here is where the problems can begin.
Two factors every employer needs to consider if you opt to ignore IM in your workplace –
With the recent Supreme Court clarification on e-discovery rules, responsibility and accountability for workplace behaviour lies with the employer. Any digital data stream that occurs on a company asset (i.e. workstation, laptop) is subject to review and retrieval upon request. The history span covered is usually three to seven years, depending on your industry’s compliance initiatives (i.e. SOX, HIPPA, NASD, etc.). An employer needs to show reasonable efforts to manage the entire corporate network. A company also needs capability to produce specified content reports and dialogues on requested employee(s) over a given time period. Typically the courts allow up to thirty days to comply. Failure to deliver has shown favor to the plaintiff in recent cases and in some rulings, punitive fines for non-delivery were rendered as well. That’s the legal consequence and can be a daunting enough reason to take measures for controlling IM.
IM technology has also become more versatile, and is continuing to evolve. You can still chat with your friends as originally designed. However, did you know you can also play interactive games, gamble, watch videos, draw on whiteboards, video chat or transfer files of all sizes. All of this activity is outside the network’s scrutiny – ‘under the radar’ – with no record of activity. This is becoming a preferred way of passing along new viruses, malware and worms.
Left unchecked, at minimum it can cost you productivity and bandwidth. It also can become a conduit for losing Intellectual Property, attracting viruses, sexual harassment, litigation or more. Your company could be in line for a PR nightmare and costly litigation.
A common reaction for a company is to ‘shut it down and do not allow any IM’. Are you sure that is effective? We had a large prospect that was absolutely positive no personal IM took place on their corporate network due to controls they put in place. They allowed us to monitor (look only) at their network environment for one week with our systems. We counted 1.6 million unsanctioned messages that crossed their network – unchecked or tracked.
Instant Messaging is not coming – it’s here. The laws now say we need to manage the technology the same as we do for email.
We work with companies to assure their data and messaging is in compliance and secure. Our solutions are state of the art, quick to implement, cost effective and provide the comfort to know your data is secure. A phone discussion is a great way to assess your environment and what would be the best action plan. Visit our website Enclave Data to learn more.
You have the responsibility to maintain your company’s digital environment, with the right tools you can now also have the control to assure compliance and protect your company’s assets.
Dan Schutte is the President of [http://enclavedata.com] in Centennial, Colorado. Enclave specializes in messaging security, content filtering, anti-spam software, email/IM archival and compliance. Visit our [http://www.enclavedata.com] to read actual Case Studies of how companies have successfully protected their data network and met complianc