Monday, September 29, 2008

Do You Use Unprotected Instant Messaging? You Leaved The Backdoor Opened!

Everyone PC user has heard of Instant Messaging software or IM. Depending on your generation, you either are an avid user or your children use it. What started out as a social networking tool for adolescents on the home computer is now gaining recognition in the office environment as an alternative communication tool. Do you know all of the capabilities and risks of this casual tool?

Instant Messaging use has merit - it is quick, direct and conversational - like a phone conversation, yet you can still multi-process it supports group talk - several people in one conversation or session accounts and
usage is typically free via the major providers - MSN, Yahoo, AOL Since it is often not formally implemented by the company as a work tool, it is considered personal and lacks oversight. Many employers do not even have a written usage policy. IT views it as one less area to monitor and support. Here is where the problems can begin.

Two factors every employer needs to consider if you opt to ignore IM in your workplace:

With the recent Supreme Court clarification on e-discovery rules, responsibility and accountability for workplace behavior lies with the employer. Any digital data stream that occurs on a company asset (i.e. workstation, laptop) is subject to review and retrieval upon request. The history span covered is usually three to seven years, depending on your industry's compliance initiatives (i.e. SOX, HIPPA, NASD, etc.). An employer needs to show reasonable efforts to manage the entire corporate network. A company also needs capability to produce specified content reports and dialogues on requested employee(s) over a given time period. Typically, the courts allow up to thirty days complying. Failure to deliver has shown favor to the plaintiff in recent cases and in some rulings, punitive fines for non-delivery were rendered as well. That's the legal consequence and can be a daunting enough reason to take measures for controlling IM.

IM technology has become more versatile, and is continuing to evolve. You can still chat with your friends as originally designed. However, did you know you can also play interactive games, gamble, watch videos, draw on whiteboards, video chat or transfer files of all sizes? All of this activity is outside the network's scrutiny - 'under the radar' - with no record of activity. This is becoming a preferred way of passing along new viruses, mailware and worms.

Conclusion

Left unchecked, at minimum it can cost you productivity and bandwidth. It also can become a conduit for losing Intellectual Property, attracting viruses, sexual harassment, litigation or more. Your company could be in line for a PR nightmare and costly litigation.

A common reaction for a company is to 'shut it down and do not allow any IM'. Are you sure that is effective? We had a large prospect that was positive no personal IM took place on their corporate network due to controls they put in place. They allowed us to monitor (look only) at their network environment for one week with our systems. We counted 1.6 million unsanctioned messages that crossed their network - unchecked or tracked.

Instant Messaging is not coming - it is here. The laws now say we need to manage the technology the same as we do for email.

Enclave Data Solutions works with companies to assure their data and messaging is in compliance and secure. Our solutions are state of the art, quick to implement, cost effective and provide the comfort to know your data is secure. A phone discussion is a great way to assess your environment and what would be the best action plan. Visit our website Enclave Data (www.enclavedata.com) to learn more.

You have the responsibility to maintain your company's digital environment, with the right tools you can now also have the control to assure compliance and protect your company's assets.

1 comment:

Anonymous said...

You are totally correct about the vulnerability that a company faces when IM is not secured or monitored. IM is now a staple in the workplace and companies need to protect themselves and their employees. It is clear that eliminating IM is not realist option and can adversely effect productivity.

Durov: The phone of the richest man in the world was hacked through WhatsApp.

The founder of "VKontakte" and Telegram Pavel Durov said that back in November 2019 he warned about the vulnerability of the Whats...