IM It’s Speedy And It Can Spell Trouble

Robert Capwell has seen the future of electronic communication and he’s not exactly pleased. While the goal of staying in touch with employees, customers and business partners is noble enough, today’s technology can create more than a few diversions and even devastations along the way. And in his mind, nothing is more than the wildly popular practice of sending instant messages. “It can become a productivity drain and a security concern,” says the president and CEO of Comprehensive Information Services, Inc., a Pittsburgh firm specializing in background checks.

Capwell speaks from experience. A couple of years ago, employees began using AOL instant messaging to communicate with one another. At first, he welcomed it as yet another tool in the digital arsenal. But as time went on, he began to notice that employees were using it to chat with one another and talk to people outside the office. The productivity drain was bad enough, but when the company got smacked with a computer virus transmitted through IM, he pulled the plug. “We established rules about electronic communication, and one of them was to ban the use of instant messaging,” he says.

These days, it seems that instant messaging is as popular as BlackBerries for speed dating. According to market research and consulting firm Gartner, 70 percent of all enterprises will use IM by the end of 2003. Meanwhile, market research firm IDC predicts that the corporate instant-messages market will grow from 5.5 million users worldwide in 2000 to 180 million in 2004. By then, the number of messages sent will approach 2 trillion annually.

Yet despite its enormous popularity–understandable if you consider that IM lets users connect to others inside and outside a business at any given moment–some are now taking a critical look at these systems. “Many companies are in denial about how much instant messaging is going on and the risks of using it,” says Larry Pearlstein, a managing vice president at Gartner. “There’s a lot of valid business being conducted using these applications, but for most organizations, the concerns over security, productivity and legal issues outweigh the potential benefits.”

Talk is cheap
   What makes IM so compelling is that it’s insanely simple to use. Employees can see who else is available, and if it’s someone they want to talk to, they’re able to connect in real-time. Passing messages back and forth is as easy as typing sentences and clicking a send button. What makes it more than a bit scary is that consumer versions of IM such as Yahoo! Messenger, Microsoft MSN Messenger and AOL Instant Messenger–which employees might install themselves–can provide entrée to hackers and data thieves. It’s possible for a participant, either intentionally or not, to send viruses through many IM applications via an attached file or a linked Web page.

“Without encryption and virus protection, instant messaging is an open door,” says David Perry, global director of education for Trend Micro, a leading IT security provider. He notes that viruses, worms and Trojan horses can wreak havoc. So-called keystroke loggers can record everything workers type and transmit the data to a remote PC; backdoor programs allow someone to browse the hard drive, alter files and even turn on the PC’s microphone or video camera; and garden-variety viruses can annihilate data and trigger productivity chaos.

Legal issues can also be potentially perilous. Lacking a record of electronic communications with customers and employees, companies can find themselves in a netherworld where it’s one party’s word against another’s. That’s an especially serious concern in the health-care and financial-services arenas. Last December, the Securities and Exchange Commission, New York Stock Exchange and National Association of Securities Dealers fined Goldman Sachs, Morgan Stanley, Salomon Smith Barney, Deutsche Bank Securities and U.S. Bancorp Piper Jaffray a total of $8.25 million for improper retention and destruction of e-mails and other electronic documents.

That’s not all. “There are potential sexual-harassment and wrongful-termination issues, if a company doesn’t take the necessary precautions,” states Chanley T. Howell, a partner at Foley and Lardner, a Jacksonville, Florida, law firm specializing in e-business and information technology. Although a rogue instant message or two may not represent a threat–even if it contains material that’s pornographic–an ongoing pattern of such messages slipping through, combined with unacceptable behavior within the organization, could land a company in court.

The productivity drain can prove even more frustrating. IDC reports that 30 to 40 percent of Internet use in the workplace isn’t related to business, and employee misuse of the Internet is a $63 billion problem for corporate America. While IM is only a small part of the vast Internet universe, it’s clear to Capwell and others that without strict controls, some employees will abuse such systems.

The message is clear
   Despite a hornet’s nest of potential problems, a growing number of organizations are making IM part of their digital tool chest. At Magnet Communications, a New York-based public relations firm with offices in eight U.S. cities, account reps and others regularly ping each other with questions and information using MSN Messenger. “People who are unreachable by phone or e-mail are often willing to exchange a quick IM,” says Catherine Morrison, an account supervisor in San Francisco. She uses IM 40 to 50 times a day.

At Avnet Computer Marketing, a distributor of mid-range to high-end systems and software, IBM Lotus Sametime enables 650 employees to share information and respond to customer needs immediately. That saves each employee 5 to 10 minutes a day. In addition, instant messaging allows technicians in the field to instantly determine who at the office is available and to quickly obtain answers to their questions without having to access e-mail or make telephone calls.

Unlike general instant-messaging systems, IBM Lotus Sametime offers a high level of protection, using encryption and a firewall to minimize threats. It’s part of a growing trend toward secure corporate IM applications. Other vendors that have jumped into the corporate IM space include Reuters and Yahoo! with its Messenger Enterprise Edition. Osterman Research reports that 28 percent of organizations are presently blocking IM traffic, and only one-third have settled on an IM standard.

In the end, perhaps only one thing is certain. “Instant messaging is here to stay,” Gartner’s Pearlstein says. “It’s become part of the business lexicon, and as with the Web and e-mail before it, organizations will have to learn how to use it safely and effectively. With adequate security measures and well-conceived procedures and rules, it can evolve from a bane to a more integral part of the way companies do business.”

Workforce, July 2003, pp. 84-85 — Subscribe Now!