August 2008 / August 2008 - Instant Messaging Best Practices

Although it started off as a home application for chatting with friends, instant messaging is now being embraced by the business world as a productivity-enhancing real time communication tool. While its popularity continues to rise, many businesses are still unsure of the proper policies they should have in place to deal with instant messaging usage. In this month’s Tech Brief we’ll discuss Thrive’s recommended instant messaging best practices and provide some insight into managing this technology across your organization if you do plan to use it as a method of communication.

Instant Messaging Best Practices

Implement an internal, enterprise-level system – While there are many public instant messaging (IM) applications available (such as AOL IM, Yahoo! Messenger, ICQ), none offer the level of security and management that a private IM system provides. This doesn’t mean however that your users should be denied access to public systems, since private IM systems can be used to communicate with clients or other business contacts who use public IM applications. A good enterprise-level program will be able to provide access to the public messaging networks while still providing your business with security tools to ensure your network remains safe.

When looking for the right application its important to find one that will allow you to track messages as well as archive them. It also needs to be scalable and flexible in order to grow with your organization. A good idea is to select a program that supports multiple operating systems, since as your network grows and evolves you may find Mac and Linux machines used in addition to Windows PCs. Also, consider if your private IM system should be one that can be accessed by users on the road through their mobile devices. This can be a great asset if you have road warriors as part of your work force who would benefit from real time communication to your corporate headquarters.

Products such as Jabber, Effusia, and Microsoft Office Communications Server are popular enterprise-level solutions.

Strongly consider dedicating a server to IM – If the resources are available, install the enterprise IM software on its own dedicated server. Harden that server like you would any other: limit access only to authorized users, turn off unnecessary services, install antivirus software, keep patches up to date, and block non essential ports to that server at your firewall.

One of the key benefits of a dedicated server is the ability to be flexible with data storage. Databases store IM-related data such as buddy lists, subscription states, and privacy guards. To leverage multiple databases simultaneously for different purposes, such as archiving, offline messages, and presence, you need storage flexibility that a server can provide.

Monitor access to public IM networks – If your corporate IM software allows users to access public messaging networks, make sure to take steps to monitor your IM traffic and prevent external malicious activity. Some best practices for doing this include disabling file transferring to and from all public IM networks, and restricting access to those networks only to those employees who truly need it to perform their job duties.

Monitor communication – Just like email, IM is another form of communication and as such should be held to the same monitoring standards. Inform employees that their IM conversations may be monitored, and stress that sensitive information should never be shared over public networks. If you don’t have an enterprise-level IM solution in place and are permitting your people to leverage the public messaging networks from the office, consider investing in products from Cymphonix or Barracuda that will enable you to monitor incoming and outgoing IM traffic and to log IM conversations.

Be aware of regulatory requirements and implement an archiving plan – IM creates business records and therefore should be archived if necessary for compliance reasons. This especially holds true for organizations that are subject to regulations which demand that all electronic communication be archived. Even for those companies not under regulations, archiving IM data can prove useful for future reference or for legal purposes should they ever arise.

Train your users in proper IM policy – To be successful, your organization’s IM rules and policies must be embraced by all employees. Use your companies training program to address IM risks, rights, rules, responsibilities, and regulations. Stress the fact that complying with IM policy is a requirement that all employees must follow.

As with any deployment of a new business technology you should consult your IT provider to make sure you’re receiving the best solution for your business needs. This rule of thumb is especially true with instant messaging since it presents unique security concerns which you want to be prepared for. Set up properly a private IM solution will allow you to realize all of the benefits of instant business communication without the risks commonly associated with public IM services. Thrive has experience helping our clients to choose and implement IM solutions that fit their organizations requirements. If you have any questions please feel free to contact us.