

Smart staff are saving time at work by using SMS,
instant messaging and blogs to communicate and share
information – but they could be putting company
data at risk.
British Airways CitiExpress crews now get new flight duties and
maintenance updates via one of the simplest communications methods:
text messages to their mobile phones. They use a device they know
well and that is always with them, and a network that covers the
world.
Such business use of consumer communications and team working
technologies that have become second nature is growing quickly as
users spot opportunities for using mobile phones, instant messaging
and personal blogs to save time at work.
The trouble is that sharp users are often introducing these
technologies on their own initiative, without reference to anyone
else - and this is building up big problems for IT directors and
their security managers, say industry observers.
First the good news. Texting using the Short Message Service
(SMS) has the widest potential use because most people carry a
mobile phone and SMS is available pretty much worldwide, says
Michael Kowalzik, chief executive of TynTec, a UK company providing
private services to organisations including British Airways,
Unilever and consultancy Accenture.
"SMS is well established, so it works and is reliable and people
know how to use it," Kowalzik says. "This means the total cost of
ownership, in terms of training and maintenance, is very low.
"SMS beats voice if detailed information is involved, such as
addresses, phone numbers, dates and times. With voice, the person
has to be able to write down the message accurately, which might
not be easy for a salesman on the road or a manager travelling
between meetings or picking up a voicemail. With SMS, the details
are listed on the phone display. Information can be received and
looked at discreetly without interrupting a meeting. And text
messages are typically much shorter than voice messages passing on
the same information, so there is a cost saving too.
"Unilever, for example, is using our service to tell sales
people about latest promotions, and to let executives know of
changes to their travel arrangements.
"SMS also has advantages over e-mail: with e-mail you need
access, and you might miss an important message amid all the
hundreds of others."
Instant messaging is another technology that beats e-mail, in
terms of instant response: in effect, it provides all the
facilities of e-mail but as a real-time chat between people who are
online at the same time.
Like SMS, instant messaging has evolved into a business
communications method from a consumer activity, in this case
introduced by internet services. But it now looks set to make a huge
impact in business.
"Instant messaging has the potential to create a new order in
electronic collaborative working," says Graham Titterington,
principal analyst at industry research group Ovum. He has produced
a report on this area with the e-business trade association,
EEMA.
"Our study of the business view of instant messaging shows that
it helps organisations make decisions faster, fosters better
communication, reduces voicemail, is widely used to improve
communications with home teleworkers, and has potential for
managing crises that has not yet been recognised."
The real-time nature of instant messaging was highlighted by a
European survey by security software supplier Sybari Software which
found 81% of respondents putting this benefit top of the list.
"Real-time text discussions harness our ability to multitask and
break through typical organisational barriers to increased
productivity," says Julian Bogajski, commercial director, Sybari
Software UK. "For example, users can be on the phone to a client
while using instant messaging to gather information from colleagues
to solve the problem or close the sale.
"Users can share ideas and get feedback immediately. Work groups
can meet for focused conversations without long-distance phone
charges."
Long-distance calls can be cut by 30%, e-mail use by 40% and
voicemail use by 15%, says research group Gartner - which also
believes instant messaging will overtake e-mail as the preferred
communications method next year.
While e-mail is now firmly at the heart of the enterprise, the
emergence of blogging in business once seemed unlikely. It, too,
started as a consumer phenomenon, in the mid-1990s, with people
using simple software to put on the web their diaries, political
views, comments about the news and anything else under the sun.
Companies are now catching on and using blogging in different ways,
ranging from top executives putting up their diaries and daily
thoughts - sometimes less than subtly marketing their organisations
- to experts passing on tips or useful websites.
"Blogs are time stamped by their very nature, and this can give
them greater value than many standard web pages, where it is not
always obvious how old the information is," says Ian Charlesworth,
senior analyst at research firm Butler Group.
"Organisations are discovering that simple blogs can help
drastically improve information flows between people with a vested
interest in sharing information. They might be in customer support
or product development, or in virtual project teams, which might
include people outside the organisation. There are many levels of
user who would benefit from the ability to put information on a web
page for access by peers," he says.
Charlesworth believes blogging can encourage experts in an
organisation to share their often jealously guarded knowledge.
"Experts are often hard to track down and can resist demands to
share their knowledge. But when like-minded experts collaborate,
they typically engage in free-flowing dialogue, eagerly sharing new
ideas.
"Blogs can be a way of facilitating or capturing these highly
valuable thoughts and information exchanges," he says.
Charlesworth thinks this could be the start of something big.
"The casual and relaxed nature of blogs seems to resonate with all
levels of people. Most blogs are updated several times a week, if
not daily - at the owner's free will.
"If this behaviour can be translated to an organisational level,
we might take a significant step in cracking the knowledge
management conundrum," he says.
The quick impact of these collaboration methods and their
business benefits is largely due to their origins as easy-to-use
consumer technologies - but this raises some big issues for IT
managers: issues of security, control and government
regulation.
With all these electronic collaboration tools, users can start
using them at work with no reference to the IT department or anyone
else. Everyone has a mobile, and software and services for instant
messaging and blogging are freely available on the web and simple
to install and use. This, in effect, means consumer technologies -
and consumer attitudes - are being taken into work by staff.
"Virus writers are now shifting the focus of their attack to
instant messaging, which is seen as a largely unprotected route
into an organisation," says Jon Sakoda, chief technology officer at
business instant messaging software supplier IMlogic. "Most IT
organisations have e-mail or web infrastructure to protect their
networks against attacks from the internet, but few have adequate
protection against complex threats via instant messaging."
Last year, IMlogic set up the IMlogic Threat Centre with support
from companies such as Microsoft, Symantec and Yahoo as a centre of
information on weaknesses and to provide advice. In the first
quarter of this year, the centre found the number of reported
attacks via instant messaging grew by 50% a month, and 30 new virus
and worm threats appeared. Inevitably, spam, known as spim in this
area, is growing. It represents 10% of traffic and is bringing in
spyware and other nasties associated with normal e-mail - except
that companies usually have protection and policies on e-mail.
Use of consumer products outside the IT department's control or
knowledge raises other security issues. Sakoda says, "Most consumer
instant messaging systems allow people to create anonymous
identities. How would you respond to a message apparently from
your.boss@your.company.com? Such IDs could be used maliciously,
and in phishing attacks on staff to get company information such
as user names and passwords."
Company vulnerability here is underlined by a UK survey by
market research firm YouGov for business instant messaging supplier
Akonix. More than 15% of people said they had used instant
messaging at work to send or receive sensitive company information,
including sending it outside the organisation. More than half used
it to chat to friends while at work - this figure rose to 80% among
those aged 18-29. And 25% of this younger group used it to download
music at work - probably often illegally, putting the organisation
at legal risk.
"It is frightening what people will send and discuss over
instant messaging," says Mike Maddison, director of enterprise risk
services at consultancy Deloitte. "There is a lack of control and
auditing of information being sent and received. The absence of
encryption makes eavesdropping fairly simple. Financial
organisations face particular challenges, because of requirements
to log and store communications, for example between traders."
With instant messaging using public internet services, messages
are usually lost once the user logs off.
Maddison points out that many of these issues also apply to SMS,
which has the added risk of the theft of a mobile phone with all
its messages and numbers.
Blogging has all the risks of unprotected websites - and more,
says Maddison. "As with a website there are risks of being hacked
and having false information posted. The nature of blogs means it
may be harder to detect and prove that an employee was or was not
responsible for information posted.
"Staff disclosing confidential or proprietary information can
negatively impact a business and may mean regulatory violations for
the organisation. Incorrect or misleading information can cause
severe reputational and financial damage."
Most of these issues - virus and hacking prevention, information
security, audit trails, regulatory compliance - apply equally to
business e-mail, websites and other IT. The difference is that the
established applications are firmly controlled by the organisation,
typically through the IT department with network and information
security, sometimes e-mail monitoring and written policies on
online behaviour. This difference is highlighted by the YouGov
survey for Akonix: only 19% of companies had any technology to
manage or block instant messaging.
Suppliers are responding to the growing use of consumer
technologies with products to help IT departments take control.
Instant messaging systems, for example, typically check for
viruses, put controls on who can use the system, scan messages for
inappropriate text and provide audit trails.
SMS services such as TynTec's for British Airways use the
worldwide network but have their own communications centres to
guarantee delivery in specified times and again provide audit
trails.
IT departments will certainly have to work hard to get the use
of consumer technologies under control, according to the IMlogic
Threat Centre research: most employees questioned said they used
instant messaging for the very reason that it circumvented IT
security policy.
Getting control
Much of this checklist on instant messaging also applies to
other technologies introduced by users:
- Find out who is using instant messaging and which products, and
evaluate their use
- Assess the risk of current use to the organisation
- Educate users on the benefits and especially the risks
- Establish consistent company policies
- Decide whether public consumer systems are allowed
- Integrate file and content-filtering policies with instant
messaging
- Protect against virus attacks
- Centralise control - not least for legal protection
- Clearly document usage guidelines and communicate them to all
staff
- Track staff understanding of the guidelines
- Educate and train staff on the advantages so that the full
potential can be exploited.
Source: Sybari Software: www.sybari.com