Danger: Don't wile away your career on IM
Atlanta Business Chronicle - by Lee Hall Contributing Writer
Every time an employee logs on to an instant message (IM) system at one of The Weather Channel's 800 desktop workstations, he or she gets a subtle warning of just how dangerous the practice can be. An automated pop-up window tells users to be extremely careful before typing anything they would not want to show up in tomorrow's newspaper headlines.
"It's a reminder that IM is not a secure method to communicate and it should not be used to transfer files or send sensitive information," said John Penrod, director of network architecture at the cable channel's Cumberland/Galleria-area headquarters.
Once the realm of computer geeks, IM has become a valuable corporate tool used by executives to send routine messages and to connect far-flung colleagues in real time. But the immediacy of IM opens the business to a whole new set of problems and security challenges. Employers can deflect many of the issues by implementing a strong company policy regarding IM use.
More than 90 percent of U.S. companies use some form of instant messaging software, according to Osterman Research Inc. in Black Diamond, Wash. However, fewer than one in eight firms has any kind of corporate IM policy. America Online Inc., which boasts the world's largest IM network, ranked Atlanta as the seventh-busiest IM market in the country.
"I tell my clients that they should never put anything in an instant message that they would feel uncomfortable repeating on the witness stand," said Sarah Pierce, partner with Atlanta-based law firm Ford & Harrison LLP.
Pierce said any company that uses IM should have written policies in place for its own protection and that of its employees and customers.
"The policy should define what about IM is appropriate, when it can be used, when not to use it, the parameters of use and professional conduct, just as you would have with any other technology," she said.
Failure to have a stated policy could leave a company open to legal action if, for example, one employee uses IM to sexually harass a co-worker. A written policy is often a company's first line of defense. Its absence could, in effect, implicate the company in the employee's misdeed.
"An instant message is a written document, the same as a letter, an e-mail or a memo. It can often be recovered and used as evidence in a lawsuit," Pierce said.
As valuable as IM can be, it also can be a significant security threat. Akonix Systems Inc., a San Diego IM security firm, in September identified 25 new computer viruses specifically targeted to IM systems, the highest monthly total of new threats ever.
A solid company IM policy should cover not only what not to send, but what not to receive. Sophisticated hackers have been known to create instant messages that look like they were sent by someone the user knows, a process known as social engineering. The incoming message may include a link or small file that, if downloaded, could ignite a virus in the user's corporate computer network.
Security threats are big business for a number of Atlanta firms such as Internet Security Systems Inc. (Nasdaq: ISSX), CipherTrust Inc. and Vigilar Inc., which provide varying types and levels of hardware, software or consulting services.
Although the best technology available can help lock the door to incoming IM threats, a single human mistake still can open it. That's another reason Penrod said a company needs a strong IM policy. "The first step is education," he said. "Regardless of the size of the company, you need to educate people about the risks."
Corporate IM policy best practices
1. Don't ignore the threat. IM use is growing. Companies should recognize both the convenience and potential problems. IM can be a valuable business tool when used properly.
2. Education is key. Employers that permit the use of IM must instruct employees frequently on what may, may not and must not be transmitted via IM.
3. Make it official. Companies should have a carefully crafted company policy regarding IM use. Such a policy can help mitigate any damage that results from employee misuse.
4. Use the front-page test. Nothing should be sent via instant message that the sender would be embarrassed by should it appear on the front page of tomorrow's newspaper or that the sender would be uncomfortable saying on the witness stand.
5. Keep an eye on IM. Control the IM features to which employees have access, monitor messages for sensitive information and archive IM messages. Such practices should be disclosed in the corporate policy.
6. Make sure security systems are up to date. IM can expose holes in network security.
