COMMENTARY--In a recent chat, a friend who is with a major mobile phone company said that Yahoo Instant Messenger had been banned from office desktops for "security" purposes. I found this ironic for a company that prides itself on connecting people.

Management, he said, was moving to stem the outflow of information--confidential or otherwise--and prevent any form of industrial espionage.

Too dramatic?


Organizations in the financial and legal sphere prohibit instant messaging (IM) at the workplace for obvious reasons. But now other companies have also moved to protect trade secrets from leaking out. The WPP Group is one example.

One of the world's leading communications services groups, which owns advertising, direct marketing and public relations agencies such as Dentsu, Young & Rubicam, Wunderman and Ogilvy PR, WPP is currently implementing strict controls at its worldwide locations.

In complying with new, post-Enron regulations from the U.S. Securities and Exchange Commission, the Group has moved to curb the use of several technologies--including instant messaging. Employees have been told the lack of proper documentation or audit trails to "track" conversations between internal and external parties on IM programs also pose a threat to the company and its clients.

Some quarters also contend that there are other reasons to block IM. One anti-virus expert said that instant messaging "just opens another hole" because users aren't trained on the dos and don'ts of using it. "Does e-mail make systems less secure? Yes. What about instant messaging? Yes, but you can live without it," Computer Associates' anti-virus head Eugene Dozortsev said.

He told my colleague Patrick Gray that any employee who has access to the corporate network should have at least two to three hours of security-specific training. Dozortsev argued that while IM has crept into corporate environments like any other tool, it has resulted in providing attackers, worms and viruses with another way in as well.

There are wider implications if instant messaging is banned. Companies like Microsoft, Sun Microsystems, PeopleSoft and Yahoo--which are scrambling for a piece of the enterprise messaging pie--could be deprived of a new and lucrative revenue stream.

By Fran Foo
ZDNet Australia
May 6, 2003, 5:47 AM PT

I read an article in the San Francisco Chronicle about a week or so ago where more companies were starting to use IM's more. It can be a good tool but as stated in the article it does have a downside.
Security? If an employee wants to leak or sell company secrets they don't need IM to do it. Might make it easier but it isn't necessary.
The bigger threat I think is abuse, employees chatting with friends or going to chat rooms, where another threat comes into play with picking up a virus and maybe having crucial data compromised.

It's happening.

This is a communal box that I am typing on right now - Communal because 6 of my employees also use this machine - Win95 - and not much for lockdowns, In the past I have had a employee running his ebay auctions from here - and checking them through the night [Night shift], I have had complaints from others that questionable stuff has been downloaded. And most recently - I have had physical damage done to network blocks with the suspect employee claiming that he had nothing to do with it. I trapped him by showing him the Temp Internet logfiles and the date stamps of last access. And when I had the machine repaired - at a cost to my department of $120 per. I was not amused. This weekend the same one thundered the toolbars of all the MS office applications. So Friday -just before he arrives - I am deleting the entire office package, And leaving a terse letter about useage.

IM was installed one weekend - while I was away - and returned on monday to find the ISS depart after me for their [weekend work] I was not amused!

And we had someone install an unpatched version of MS Frontpage - the faulty web server. - Actually it was a worm that got inside a firewall and nailed a bunch of things.

And as for true espionage - you will never know it happened - there will be no trail - or only a very cold one.

If I worked for a company and wanted to divulge their trade secrets, I'd use email before IM anyway. :p

~ Brandon

Thank our company doesn't have that rule! ICQ is ok in my office. Heck, I use it with some of the office workers because I'm too lazy to walk up to them! lol :D

We actually use MSN at my work place and it really helps as I might be at my cubicle or up in the security office or where ever and when ever I log in they know that they can catch me. But I still use ICQ for the most part due to having so many "buddies" that use it. so until they start using MSN I use both...MSN at work and ICQ at home