Let’s Chat About Instant Messaging

Sometimes the reasons for and against instant messaging in the workplace are less than clear and seemingly arbitrary. Strong and sensible policies regarding electronic collaboration can alleviate the concerns and set the right tone. Take the case of Greg and Laura.

Greg’s a project manager wanting to make sure his far flung team can hit their deadlines and their budget. Laura’s the IT manager who has to maintain the system and protect the company from the risks posed by technology. They work for a company that has started implementing IM, but….

 

GREG: You there?
LAURA: Yes
GREG: Gotta minute?
LAURA: No problem. What’s your question?
GREG: I just got out of a meeting with Jack and Jill. Jack’s irritated because he just found out a lot of people here are chatting on instant messenger all day instead of working or waiting for the next meeting to start. Jill suggested we just accept it and then gave me the task of finding out about making some kind of company policy for it. I just want to make sure my team has the tools they need, and I’m not sure whether IM will help or hurt. Since you’re our IT person, I wanted to get your opinion.
LAURA: Absolutely. I’m working on a project, so it might take me a minute to respond sometimes, but I can multitask. ;-)
GREG: Thanks. Ok, so the first issue that comes to mind is security. I know the same threats to email also apply to IM, right? Worms, viruses, hackers, denial of service attacks, etc? Is there some way to protect us against this?
LAURA: Yes, you do have to be careful because worms and blended attacks can not only infiltrate your computer, but also spread to everyone on your buddy list. Hold on. There was this one called CodeRed…
LAURA: Yup: “While CodeRed was able to attack several hundred thousand Internet servers in hours, a well-crafted IM-based worm would have the potential to hit millions or even tens of millions of home computers or wireless devices in the same amount of time.” (from Symantec).
LAURA: You might want to look at their website, they have all kinds of info about IM that could help you: http://www.symantec.com/avcenter/reference/secure.instant.messaging.pdf. There’s some good stuff in that link I just sent. But also you might want to consider a few things like whether or not the IM system would be for internal communications only. Because if outside communications are allowed, then you have to consider encryption, security, and how the clients will be configured. Also, what information can employees send via IM? Because someone could be listening (reading, haha).
GREG: So, what are some of the best ways to secure IM? What if I wanted to IM you from another email account?
LAURA: If this is just for internal communication, we could employ a corporate IM system behind a firewall – that will help keep out hackers. However, that can be a little pricey since the infrastructure is all ours. We could also block file transfers outside the firewall. Let’s see – encryption would help keep out eavesdroppers. And you’ll for sure want to have up-to-date antivirus software.
GREG: Ok. Still, do you think this IM thing’s really a good idea? I still have some doubts about whether it’s worth the risks.
LAURA: I think it is. I mean, we have employees spread out everywhere. Some people work from home, there’s our offices in Boston and Denver, not to mention the office in India. And yes, there is the phone, and email, but inboxes and voicemails get full all the time. Especially Denver, have you noticed that? I can never leave anyone a message. If we used messenger, we could just ping someone a question and know they’re getting it immediately. But, nice part is, if they’re busy, they can ignore us until they’re free. That’s what I did earlier with you, haha.
GREG: Gee, thanks. LOL! You know, IM would probably cut communication costs as well… I guess you have a point, that would be convenient. Or, it would be especially convenient when I have meeting with Jack and Jill. Haha. Jack always makes it seem like this huge inconvenience that he has to take time out of his day to touch base with us. IM would be so much easier because then he could be in his office, doing his thing, and we could just message him if we have any questions.
LAURA: Haha, exactly. And, also nice, you can share files on IM, and if you’re with a group, everyone gets the file right away so you don’t have to wait for everyone to check their email, you know?
GREG: True. But… don’t you think that if we push IM out to everyone across the company and not just the folks here in corporate, people are just going to chat all day instead of getting work done?
LAURA: I think if you put together a clear policy, really communicate it, and enforce it, it would be ok. For example, my old employer would monitor our buddy list, and we’d get in trouble if we were talking to someone who wasn’t on the “approved” list. And while that was annoying, it did help keeping IM strictly for work purposes. I think IM actually boosts productivity, because people can talk instantly without even getting up from the computer, you know?
LAURA: George and Grace from Tech Pubs say they can’t live without it, especially when trying to get answers from the SMEs in Denver. You know you might want to check with them and a couple of the development teams to see how they’re using it, and what they’d be giving up if Jack decided to ban IM altogether.
GREG: Ah! Great idea. Ok, I guess my last concern is legal records. What should be considered part of the official company record?
LAURA: All conversations can be logged. That’s up to Jack and Jill I guess (it would be controlled by the network administrators, you know?). Might be a good idea though to have record of everything because you never know. I think that if everything is logged, that should be included in your policy so employees are aware that they can just say anything they want, that their conversations will be monitored. That will also help with the IM for socializing instead of work, and make sure that conversations stay appropriate. Did Jill give you the contact info for the legal counsel? I’m sure there are some regulations about what we can and can’t do, and those are the guys with the answers there.
GREG: I’m thinking that could be an awful lot of conversations….
LAURA: We’ll need to look into bulk storage requirements if you’re going to log conversations, that effort can take up a lot of space.
GREG: Ok, will do, thanks.
LAURA: I found a sample policy: http://www.ukoln.ac.uk/qa-focus/qa/policies/instant-messaging/. Not real elaborate, but might give you some ideas to get started.
GREG: Great. Thanks again
LAURA: Anytime.

For further reading:

http://www.symantec.com/avcenter/reference/secure.instant.messaging.pdf

http://www.ukoln.ac.uk/qa-focus/qa/policies/instant-messaging/

 

 

Subscribe to TechWhirl via Email