Once considered the medium of chatty teenagers, instant messaging (IM) has grown into an important business tool. Its ability to show presence and facilitate instant communication has made even e-mail seem slow and cumbersome. Nowadays, financial traders use IM to make quick trades, customer service representatives use it to communicate with clients, and everyone else uses it to stay in contact with colleagues, family, and friends.
Recent studies suggest that there are over 140 million corporate IM users, although not all at-work use is sanctioned. Some IT departments have concerns over the security of messaging applications, and for good reason. In recent years the number of viruses and worms spread over IM has risen dramatically. On top of these technical concerns, companies are also worried about the transmission of sensitive of confidential information over IM.
While messaging is indubitably convenient, security experts recommend that companies take a closer look at their IM security.
One of the first and most important steps is establishing a policy for acceptable use of chat applications. The policy should include guidelines on who will be allowed to use the technology and what is appropriate to discuss over IM. The policy should also make clear which IM platform the company has selected, and whether it will be using encryption, secure log-ons, or other features to safeguard corporate communications.
Having a policy and enforcing it may be even more important if your company decides to use a free public IM product, because they don’t offer the same kind of security features as enterprise solutions. So, if you chose a free consumer chat app, your company policy should clearly state that no sensitive or confidential information can be discussed via IM.
Another concern about consumer products is that they effectively punch a hole in your company’s firewall. If IM use is prevalent in your organization and essential to the day-to-day running of your business, you should invest in an enterprise messaging solution that sits inside your firewall.
Companies such as Jabber and Microsoft offer enterprise IM products that route messages locally instead of through the public network. Enterprise products also offer features such as encryption, auditing and reporting that can help companies with knowledge management and accountability.
IM appliances are another popular solution. Appliances can route messages within the corporate network as well as interface with public IM networks. When communicating with public networks, they act as proxy servers that sit between the private and public networks, scanning for viruses, worms, IM spam –known as spim — and other possible threats before allowing messages through.
Appliances offer centralized management features, and they can even monitor conversations for impropriety. Monitoring employees’ chats may seem intrusive, but it’s worth remembering that everything that you write in electronic communications – including in a chat window – can easily become public.
For companies that deal with extremely sensitive data, such as health care or finance, you may want to go one step further and get a product that can filter specific keywords or number patterns. With these filters, a social security number, for example, could be flagged and disallowed across the network.
While IM presents companies with a host of advantages, it’s important to assess the risks and take steps to safeguard your network. Your messaging may be instant, but security always takes planning.