Thanks to former congressman Mark Foley, the abusive use of instant messaging is in the news. Mr. Foley was found to have sent inappropriate messages to underage congressional helpers. Not only is this morally wrong; it is a crime. If prosecuted and convicted, he can go to jail for this activity.

But the buck doesn’t stop at Foley when it comes to blame. There are repercussions being felt by his employer (the U.S. federal government) in terms of culpability for Foley’s actions. Who knew he was doing this? Who tried to get him to stop? Should his employer have done more to stop or prevent this illegal activity? Is his employer liable for his actions in any way?

Foley’s case, of course, is exaggerated because it is being played out on a national stage, during an election year. Ordinary cases of IM abuse are usually not so high profile. But the scandal could easily be closer to home if an employee at your organization used company resources to send or receive offensive, threatening or damaging IMs.

Aside from the potential for abuse of IM, there are the security threats it poses for an enterprise. Viruses and other malware use IM as a vector for entering network environments that are otherwise protected against such threats. Gartner analysts say IT administrators who do not manage and protect public IM will experience 80% more IM-related security incidents than those that do.

For all the fears about IM, many organizations find it to be a very useful tool for increasing productivity, and they encourage employees to use IM. At the same time, there is a need to monitor what IM is being used for - perhaps to prevent the kind of abuse instigated by former Congressman Foley.

There are numerous products on the market today that address IM security and compliance in the enterprise and SMB markets. Among the products are software applications, such as IM Policy Manager from IM-Age Software and Symantec IM Manager, and physical appliances such as Barracuda Networks Instant Messaging Firewall and Facetime’s IMAuditor.

Whether hardware- or software-based, what these products have in common is the recognition that organizations must manage, monitor and control IM activity so as to assure compliance, prevent data leakage, prevent IM-based attacks, and monitor for inappropriate use.

Linda Musthaler is a principal analyst with Essential Solutions Corporation.