The advantage of instant messaging is that it is, well,
instant. Office workers use it to exchange quick opinions about
something work-related, or even to make jokes during a boring
conference call that drags on for hours (I know, I've done it).
However, when they need to send that all important document to the
boss or to a client, they use that older sibling, e-mail,writes Ionut Ionescu, member of the(ISC)²European Advisory Board.
IM can be a great collaboration tool, or a time-consuming
distraction. I have seen good collaboration between employees when
they were on a well led conference call with a defined agenda,
using just good old voice and no IM. I have witnessed even better
collaboration when staff actually met in one room (or used a good
quality video link) and discussed ideas using a white board. I like
the instant voting opportunities you get with IM and with some VoIP
clients, but I would not classify them as essential business
tools.
Of course, I have seen irate users, especially in marketing and
sales departments, claiming that their world would end without IM.
I guess every business has to weigh the advantages against the
inherent risks.
I have not yet encountered a work situation where employees
could not accomplish their objectives or daily workload because
they could not use IM.
My advice to companies would be to allow it internally, but to
block any IM activity with the outside world. That way, the chances
of connecting inadvertently with a stranger and disclosing company
information, or of clicking on a malicious link, would be
reduced.
I don't think that the risk of clicking on a 'bad' IM link is so
big, given that most organisations should have by now made their
users aware of the dangers of indiscriminate clicking on links and
attachments in e-mail.
I see another, perhaps more subtle, risk: given how easy it is
to ping IMs (watch teenagers hold multiple IM conversations
simultaneously), it can also lead to one dropping their guard and
either becoming too familiar in their dialogue or disclosing
something that could be later used to embarrass or harass a
employee.
In summary: do internal awareness training of the risks, then
allow it internally, block it externally and use DLP software to
monitor what's going on.
Read more expert advice from the Computer Weekly Security Think
Tank >>