But unlike water-cooler chatter, IMs leave a trail -- one that can be tracked by employers, regulators, and law-enforcement officials. And like e-mail, IMs are considered legal documents.
Public companies can be subpoenaed for IMs that may indicate Sarbanes-Oxley violations. Trial lawyers can demand IM records for workplace harassment lawsuits. The American Medical Assn. can cull through health-care-provider IMs for evidence of violations of the Health Insurance Portability & Accountability Act, a law aimed at ensuring access to health-insurance coverage for people who change jobs.
Regulatory breaches via IM are not the only concern for today's employer. In a lawsuit filed early this year, Yahoo! alleged that a group of ex-employees used IM to distribute confidential business and technical data for use with their new employer, a competing startup. Records of this IM correspondence became a key piece of evidence in the case.
Time-Saver
Love it or hate it, IM is here to stay. Companies can try to stop employees from using it, but the bevy of new IM features and the growing proliferation of IM services from Microsoft, Yahoo, and Google are rapidly making this an exercise in futility. In fact, some analysts predict that IM will soon overtake e-mail as the No. 1 form of electronic communication.
A 2004 survey by the Pew Internet & American Life Project found that 4 out of every 10 adult Internet users in the U.S. use IM. "There is no doubt that IM use will intensify," notes Amanda Lenhart, research specialist at the Pew Project and co-author of the report. "IM use at home and in the workplace will grow as these creative and time-saving uses of the technology percolate through the generations."
So how can companies harness IM to increase productivity and maintain employee trust while reducing the risk of security breaches or compliance violations?
Preservation Is a Must
First and foremost, employers and their I.T. teams must remember that IM -- similar to e-mail -- leaves a paper trail and should therefore be continually logged, stored, and readily accessible. Recently investment bank Morgan Stanley agreed to pay $15 million to settle an investigation by the Securities & Exchange Commission into the bank's failure to preserve e-mails.As IM usage continues to proliferate, its regulation and the legislation governing it will begin to mirror those of e-mail. Ensuring that IM can be archived and recovered at both the network/server level as well as the user level is therefore critical.
Second, employers should keep in mind that while IM may make their business more efficient, productivity should never replace protection. Shielding against employee IM "mistakes" starts with getting serious about policy. In general, users are well-behaved when they know they are being watched.
Call centers recognized this long ago, when they started recording calls at random for "auditing" and "training" purposes. Once these policies were implemented, the quality and compliance to corporate policy dramatically increased. Establishing an IM policy and reminding employees that monitoring tools are in place can go a long way in averting potential problems down the road.
Here are a few more do's and don'ts for IM use in the workplace.
Do:
Create policy. Outline specifically what type of communication is appropriate for IM, vs. face-to-face, telephone, e-mail, fax, and physical mail delivery.
Facilitate training. Policies are useless and unenforceable if they are not properly communicated across the organization. Set expectations that IM is an official corporate communications tool for all employeesfrom the newest hire through the CEO.
Maintain enforcement. Put in place processes that enforce this policy.
Use I.T. tools. Investigate technologies for both IM security and policy enforcement.
Don't:
Ignore IM. Some companies have the mindset that "we don't allow IM, so our employees don't use it." This is an ignorant stance. If IM is not controlled and managed by the company, it can be abused, and companies can be held accountable.
No comments:
Post a Comment