Wednesday, October 23rd, 2002
What do the allied navy ships in Operation Enduring Freedom, e-Bay, and Merrill Lynch have in common? They all use enterprise instant messaging to stay in touch.
Instant messaging (known as “IM”) is the Internet equivalent of passing notes in class. IM differs from e-mail because IM occurs in real-time and allows users to see when others are online.
According to Edward Isaacs, a senior network engineer and security consultant with Keane (an IT consultancy), IM moves quicker than e-mail because it either utilizes a single server that is configured for fast communication or, in some two-party communication, no server at all. By contrast, e-mail often runs through several slower servers.
Aids productivity, slacking
Businesses are learning what consumers already know — IM can save time. For productive workers, IM can boost efficiency by enabling them to gather information quickly without losing time waiting for return e-mails and voicemails and without having to engage in the polite chitchat necessary in phone calls. But IM also enables a lazy employee to yak with buddies while appearing to work.
Currently, according to the Meta Group (an IT consultancy), about 150 million people worldwide use IM for corporate and personal purposes. Of those, 5 million are business-sanctioned users, and the Meta Group estimates that number will reach 200 million by 2005.
Wall Street financial firms have adopted IM to please their clients. CS First Boston, Goldman Sachs, JPMorgan, Lehman Brothers, Merrill Lynch, Morgan Stanley, Salomon Smith Barney, and UBS Warburg recently implemented an IM system that connects them to each other as well as 2,000 institutional investor clients. These investors demand IM so they can move transactions quickly while ducking the sales pitches.
If a company has many employees, unless that company has taken technical steps to block use of free IM systems, it’s almost certain that some employees use IM at work. Free, consumer-oriented IM systems (AOL, ICQ, MSN messenger and Yahoo!) have invaded many workplaces.
According to Isaacs, companies can stop most IM use by blocking certain computer ports. Savvy users can evade such limits, so to be free of unwanted IM, a company must tightly control what can be downloaded on its computers.
Like e-mail, free IM can open the door for viruses and spyware. IM users often fall for “social engineering” – the intimacy of IM lulls them into accepting a download (such as a song) containing a harmful payload. Because free IM enables users to pick any online name, pretenders can dupe users.
According to Isaacs, virus scan software can be configured to automatically scan attachments, whether attached to IM or e-mail. Yet most computer users don’t set their virus scan software to do so and don’t scan IM attachments at all.
Also, free IM systems are not encrypted. Then again, most corporate e-mail isn’t encrypted either. Still, some folks say things in the immediate and intimate environment of IM that they wouldn’t say even in e-mail.
Some companies utilize corporate IM packages, such as Lotus Sametime and Microsoft Exchange 2000 IM Service, to control these risks. Such corporate IM can be contained behind firewalls and encrypted. Also, corporate IM packages control username selection to prevent identity fraud.
Also, corporate IM systems can be closed (permitting communication only with others in the company) or opened to only some other IM systems. Thus, it’s possible to give employees IM access that’s likely to be used for business purposes while blocking free IM systems and the cyberloafing they facilitate.
Controlling legal risks
As with e-mail and voicemail, IM creates the risk of recording improper conduct, which creates legal risks for employees and employers. It can provide a perfect record of harassment or discrimination, or of disloyal conduct or of theft of company property, such as trade secrets. Also, free IM systems can be used to trade unlawfully in copyrighted music files.
To address such risks, corporate IM systems offer the ability to archive and monitor IM traffic (just like e-mail), so that managers can watch for improper conduct. Indeed, in some situations, management may have a legal duty to monitor IM traffic and take action if it suspects its employees are using IM for illegal activity.
Indeed, in some industries, regulators require monitoring of IM. For example, the SEC requires logging and archiving of IMs by exchange members, brokers and dealers.
Thus, employees using corporate IM systems should be on guard. The IM freeware ICQ stands for “I seek you.” With corporate IM, perhaps that mantra should be “we watch you.”
By John B. Farmer
© 2002 Leading-Edge Law Group, PLC. All rights reserved.