Fighting security threats from IM and rogue Web access

How to manage the IM invasion into businesses

Businesses of all sizes today are graduating from the first stage of Internet use, dominated by e-mail, to a new stage characterized by increasing use of the Internet for research and of instant messaging (IM) to supplement telephone and e-mail for communications both inside the company and with clients and business partners.

The Web, of course, has become a tremendous resource, with information on almost any subject imaginable from the latest company quarterly reports through innumerable white papers and recorded interviews on business subjects to in-depth analysis from established sources such as Dow Jones & Co. and newcomers such as Hoover's. And employees at all levels are using those sources.

This is exactly the situation that Geoff Lawson walked into in June, when he became director of IT at Morehead Memorial Hospital, a 108-bed community health center in Eden, N.C. "We were having a tough time when I arrived," he says. "The Internet access genie was out of the bottle; everyone fighting to justify having it, and we had no way to enforce acceptable-use policies, and the threat of spyware and malware coming in from Web sites was an issue that had not been addressed."

1. Ready or not, it's already here

So the first thing IT needs to realize, if it has not already, is that Web access is already being used in the enterprise with increasing regularity, with or without the knowledge of senior management or IT.

And IM is not far behind, if it has not already arrived in the form of online consumer services such as Yahoo Messenger, which have neither security nor a way to archive IM sessions.

In many companies IM and its cousin, group chat, have become the second telephone already, and many experts predict that it will become as pervasive and heavily used as voice telephone and e-mail within a decade, if not sooner. The increasing popularity of smart phones in business is helping to drive its popularity by making it as pervasive as cell service.

So far the hospital has blocked IM, but this is a temporary stopgap. Lawson says he is actively investigating IM providers with an eye to picking one as the official carrier for the hospital, and he is also looking for a way to log IM sessions and handle the security risks it brings.

2. Productivity tools or time wasters?

The second thing to realize is that while the Web can be a boon to efficiency and quality, it also can become major time waster when employees spend hours on non-productive sites or chatting via IM with friends.

Worse, it can create hostile workplace environments when employees visit Internet porn or other sites that other workers may find objectionable. Therefore, businesses need to establish rules for Internet use, and they need a way to enforce those rules. This, says Lawson, is a nontrivial task that challenged Morehead Hospital's internal IT group. That was another reason for blocking IM entirely -- the hospital needs time to deal with one set of issues before taking on the next.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

More about ACTAOLDow JonesFinancial InstitutionsHoover'sMessengerPioneerPostiniVIAYahoo

Show Comments