• United States
by Christine Perey

IM policy pointers

May 26, 20032 mins
Collaboration SoftwareMessaging AppsNetworking

As with any enterprise network application, good security for instant messaging starts with smart business practices. If public instant-message services are permitted within the company, users first must agree to a corporate usage policy. Meta Group recommends that an instant-message use policy should at least cover these points:

  • Privacy. Instant-message users should have no expectation of privacy, and are subject to monitoring when policy abuse is suspected. Users of public instant-message services should be aware that they are broadcasting their presence to all users on the public network.
  • Offensive content. Circulation of offensive material (racist, sexist, among others) is prohibited and grounds for immediate termination.
  • Personal use. Personal use is either acceptable within reason, or forbidden.
  • Security. External communication can be intercepted and redirected. Disclosure of any sensitive material is strictly prohibited.
  • Contact lists. Business and personal contacts should be on separate lists to minimize the risk of mistaken communication.
  • Screen names. Use a business-appropriate screen name that meets corporate conventions.
  • Liability. Judges can subpoena instant messages. Avoid libelous, defamatory and other unsavory communications.
  • Personal information. Do not include personal data (passwords, credit-card numbers) in instant messages.
  • Viruses. Be aware that instant messages can contain viruses and other destructive payloads. Be alert to any suspicious messages. Decide whether file transfer via instant messaging is permitted or not.
  • Etiquette. Observe all forms of personal etiquette when communicating via instant messaging. Use of the “Do not disturb” feature is acceptable.