Rogue employees spend the workday engaging in risky online behavior without technology in place to prevent security breaches, to monitor content, or to retain and archive IM business records. Oblivious to the behavior and out of touch with the technology, some employers simply allow high-risk IM to occur, absent written rules and policies to govern employee behavior and protect the organization from litigation, security breaches, and other risks.
An internal survey revealed that more than half of the 1,300 employees of regional stock brokerage firm Stifel Nicolaus had downloaded free IM software from the Web without management’s knowledge or approval.
Brokers were using IM without the authorization of the firm’s compliance department, which is charged with ensuring that the firm adheres to recently tightened SEC, NASD, and NYSE regulations covering the management, monitoring, and retention of instant messages.[9]
The government and industry regulators who oversee financial services firms are serious about IM and e-mail compliance. Five Wall Street brokerages were fined $8.25 million for violating SEC e-mail retention rules in 2002.[10]
Securities firms that violate regulators’ IM rules, intentionally or accidentally, should expect to be hit with equally robust penalties.
[9] Dan Orzech, “Under IT’s Radar, Instant Messaging Invades Corporate Desktops,” InstantMessaging Planet (July 14, 2003), www.instantmessagingplanet.com/enterprise/article.php/1120822348711.
[10] Nicholas Varchaver, “The Perils of E-Mail,” Fortune (February 17, 2003), 96.