IM: It's fast, effective... and insecure

NEWS Instant messaging is the latest must-have app for big business - enabling fast effective communication around offices and organisations - but it may be doing more harm than good due to concerns over security and accountability. Investment banking is one area where the necessarily rapid dissemination of information is aided by IM - but it is also one area where serious problems can arise. Conducting transactions over IM can have serious regulatory consequences because of the lack of audit trails. With emails, letters and even phone calls it is possible to save copies to file, but with most popular IM tools there is little scope for recording conversations. There are also a number of security issues - with virus writers starting to target instant messaging as a direct route back to the desktop and onto the network, without having to encounter email security measures and firewalls. Post-Enron and post-Worldcom regulatory issues need to be considered at all times when implementing any new communication tools and research from Vanson Bourne warns that banks may be heading for trouble if they don't get a handle on IM use. Kevin Withnall, director at Vanson Bourne Research, said: "Instant messaging has developed into a serious business application within the financial community which is now used alongside the phone and email for front-office communications. Monitoring of email is now corporate policy for most institutions but regulatory pressure does not yet seem to have extended to IM conversations that happen on free, public networks." According to the research 10 per cent of financial institutions have no idea whether or not their employees even use IM, as it bypasses much of the network and many users can download it direct onto their desktop from services such as AOL and Yahoo! Meanwhile 50 per cent of institutions say their staff definitely do use IM. Although traders and brokers are the main users of IM within 60 per cent of institutions two out of three are using public systems which pose the greatest regulatory and security problems. However, the answer is not to ban IM altogether according to Glyn Baker, director of business development at secure instant messaging firm FaceTime, who commissioned the research. "Simply banning IM usage is not the answer," he said. "IM is a great personal productivity tool that has some clear business advantages. It's better to let people use this technology to do their jobs but have the right controls in place just like we do for email and telephone calls." "Headline financial transactions are being done effectively 'in the wild' and with tools that are free on the internet," added Baker. "Unregulated conversations are harmless fun for your average consumer, but not in a high profile, high value industry with strict corporate governance standards." Many companies have now recognised the need for greater security and features such as audit trails. Reuters and Yahoo! are just two big-names who have rolled out IM packages for business use to date.