Content Concerns. Employees who mistakenly view e-mail as a tool for off-the-cuff, casual conversation are likely to play particularly fast and loose with IM, creating huge liability risks.
Regulatory Nightmares. Health care and financial services are just two of the industries that must adhere to governmental and industry regulations governing IM content, privacy, and retention—or face potentially huge fines and even jail time.
Security Breaches. When employees use free IM software from AOL, Yahoo!, or MSN, messages are transmitted via the public Internet, increasing the possibility of data theft and electronic eavesdropping. The absence of encryption in personal IM tools adds to security risks.
The use of public IM networks also may open the organization up to viruses, worms, and Trojan horses that otherwise might not be able to penetrate the organization’s firewall and antivirus software.
IM attachments also create security concerns, as an attachment received via IM is not checked by the antivirus scanning engine that eyeballs e-mail attachments.
Incompatibility. Unlike e-mail, IM poses software compatibility problems. If users access a public IM network, they can communicate only with buddies using the same tool. When employers install enterprise-grade IM, employees’ conversations are limited to internal chat. Some would argue that the inability to communicate externally with all audiences, regardless of the product used, defeats the purpose of IM—speedy real-time communication.
Monitoring and Retention Headaches. Like e-mail, IM creates business records that must be retained for legal and regulatory purposes. It’s easy to monitor messages transmitted via an enterprise system. But if you allow employees to use personal IM software, you must install technology products that are designed to monitor messages and keep content in line with IM policy. You also are advised to use tools that automate IM retention and storage in compliance with legal and regulatory requirements.
False Sense of Security Regarding Retention. Because an instant message vanishes after it is read and its window closes, employees may mistakenly believe that a disappeared message is gone for good. In reality, the message-archiving function on the public networks that are used by as many as 90 percent of IM chatters allow users to log and archive IM conversations, just as they would save e-mail—without the other party’s knowledge or consent.
The unmanaged retention and deletion of instant messages creates the same liability risks that are inherent in e-mail and paper records when their creation, deletion, and storage are not properly monitored and controlled.
Decrease in Productivity as Chat Increases. Some users may feel that constant IM interruptions have a negative impact on productivity. Incoming messages pile on top of e-mail, news summaries, and other data that competes for the reader’s productive time.
Rogue Use. The availability of free IM downloads makes it easy for tech-savvy scofflaws to use IM in violation of the organization’s rules and policies, and sometimes in spite of scanning software and firewalls.
Messages Not Read or Acted Upon. Like e-mail, IM may be a great way to send information quickly, but it’s not necessarily the best route to a quick reply. If the recipient is away from the desk, on the phone, or receives a flurry of instant messages that cover up your message, your instant message may not be read or acted upon.
Misuse of User IDs and Corporate Domain Names. The misuse, abuse, and misappropriation of IM user IDs and corporate names and domains is considered by some industry insiders to be the top IM challenge facing business. The inappropriate use of unprofessional user names, the assumption of false identities, and the appropriation of corporate domain names by nonemployees or by ex-employees are just a few of the risks posed by instant messaging.