Like e-mail, IM needs rules when used at work

Companies must begin putting in place instant messaging (IM) policies similar to those governing e-mail communications and use, or risk security breaches and possible legal difficulties in the future, according to an expert speaking at the recent NetworkWorld Conference and Expo in Toronto.

Brian Mulvey, senior product manager, applications for Waltham, Mass.-based Akonix Systems Inc. said whether companies know it or not, IM has become entrenched across the enterprise. Employees have downloaded any number of free IM solutions, from Microsoft or Yahoo for example, and are using IM to not only keep in touch with friends and co-workers, but with business partners and clients.

“It has been skyrocketing in the last few years, to the point where 95 per cent of enterprises today have somebody who is using IM,” Mulvey said. “Most companies are surprised when they discover the volume of use being made of IM in the enterprise.”

In many cases, IM is being used in place of e-mail and other traditional communications means because of its speed and instant connectivity between persons. According to Mulvey, statistics from Stamford, Conn.-based Gartner Inc. show IM has reduced e-mail usage by 40 per cent and telephone costs by 30 per cent.

“IM is just the start of a new wave of communications,” Mulvey added. “It is more than just the popular chat function, but it is becoming a way of leveraging presence awareness, of knowing when your customers are online and that you can reach them at any time and that you can reach your co-workers at anytime.”

But lost in all the business benefits is the fact IM brings with it some serious security concerns. Most popular IM programs work by bypassing or tunneling through firewalls, opening up the network to such exploits as virus and Trojan attacks. In the last year, over 50 kinds of attacks and exploits appeared specifically targeting IM systems, according to Mulvey.

An even greater problem is how IM is used. Too often workers will use IM to send private or confidential corporate information to each other or to others outside the business without realizing the information is not secure.

“If you look at the number of personal conversations and chats people are having about budgets, all of which is going in clear-text across the Internet to some unknown server, it can be pretty shocking,” suggested Dan York, director of product management for collaboration with Mitel in Ottawa. “That exchange may be happening between two people on different floors in the same company, it is still going over the Internet and to some big servers somewhere…you have no control over.”

York added companies must put in place security and use policies for IM similar to the ones companies have put in place for e-mail communications. According to Mulvey, companies must establish comprehensive, written IM policies, educate employees about the risk of using IM and the rules and regulations governing IM use in the company. They also need to implement an enforcement mechanism to help enforce policies and prevent malicious viruses or code from entering a network through IM.

QuickLink 059152

Related Download
A Guide to Print Security for Canadian Organizations Sponsor: HP
A Guide to Print Security for Canadian Organizations
IT security vulnerabilities are a growing cause for concern for organizations trying to protect their data from printer breaches.
Register Now