
Arizona Society of Certified Public Accountants


Instant Messaging Compliance

Matthew Wilson, MCSE

Are you continually playing catch-up in terms of your compliance with federal and state regulations regarding record-keeping and communication controls?  Instant messaging is yet another medium of communication that requires controls and recordkeeping. 

Instant Messaging (IM) is not quite a phone conversation, and it’s not quite an email conversation.  Today, people at 90 percent of all U.S. organizations are using at least one IM network [1], be it MSN Messenger, AOL Instant Messenger, Skype, Yahoo Messenger, ICQ, or Jabber. 

There are many official and unofficial software clients for each of these IM networks (Google Talk, for example, is a Jabber client).  There are also browser-based clients: because they run over ordinary web (HTTP) traffic, a savvy employee can use one to get around a corporate firewall that blocks only the native IM ports. 

Employees claim that IM:

• Increases the efficiency of short fact gathering and “fyi” conversations among fellow employees.

• Increases their availability to clients who also might be using IM.

As employers, you might think of IM as:

• A cheap way to communicate using short messages.

• A way to communicate without worrying about a record being kept (as opposed to using email or mailing a letter).

• A way to communicate with coworkers who are working remotely to get quick answers.

So what’s the big deal?  What’s wrong with letting your employees use Instant Messaging unfettered?  Several points to ponder:


Privacy

IM traffic passes through a third party’s servers. On the consumer networks most employees use (MSN, AIM, Yahoo, ICQ), every instant message travels in cleartext (unencrypted) from the sender to the IM network’s servers and on to the recipient. Even when two employees in the same office are messaging each other, the conversation leaves your building, is relayed through the provider, and can be read by anyone positioned on that path: someone on the office or home wireless network, at the ISP, or at the provider itself. Skype is the exception, encrypting its traffic with a proprietary scheme you cannot audit; Jabber clients can encrypt the link to the server with TLS, which protects the wire but not the conversation from whoever runs the server.

It is rumored that these IM networks are monitored and policed by the FBI and other intelligence agencies; several recent high-profile terrorism cases have entered intercepted IM traffic into evidence before the court. 


Note:
If you run your own Jabber server or Microsoft Live Communications Server, IM traffic between users on that server does not travel over the public Internet. That holds only while both parties are on your server: remote users still connect across the Internet (require TLS or a VPN for them), and if the server federates with other Jabber domains or gateways to the public networks, those conversations leave your control just as before.


Security

Instant Messaging clients give spyware, rootkits, viruses, and worms another way onto your workstations and laptops, one your Antivirus software might not catch.  Files and links delivered over IM never pass through the filtering on your e-mail gateway, and IM worms spread by sending themselves to every name on an infected user’s contact list.  The most popular networks, such as MSN and Yahoo, are generally covered by the most popular Antivirus products, such as Norton/Symantec and McAfee, but the lesser-known clients are generally not.


Compliance/Liability

You may be required to track, control, and/or record all communications by your employees, Instant Messages included, for record retention and preservation, prevention of unauthorized disclosure, search and retrieval, and privacy protection.  A written policy backed only by the threat of discipline is not sufficient.  If you do not keep tamper-evident records of exactly what messages your users send and receive, you may be held liable when you cannot produce records of business or official communications.  See below for the kinds of software needed to enforce your compliance requirements electronically.


Resource Usage

Your users may be using Instant Messaging clients to transfer unnecessary files back and forth – games, funny animations, jokes, etc. – all of which waste bandwidth and time.


Productivity

In reality, IM carries many of the same caveats as personal email usage. The major difference is that the conversation is real time, so interruptions arrive continuously and the productivity penalty on your users is larger. Multi-network clients such as Trillian connect to more than one network at a time, which is convenient for the individual user but multiplies the personal traffic you have to sort through; a clear policy on personal IM use reduces that volume.


Some Software Needs

Monitoring: First, you need to become aware of the extent of the use and abuse of IM in your firm. 

Policies: Enforce your IM usage policies.  Make your employees aware of the dangers and consequences.  If you do not have an IM policy, establish one, or append it to your Internet/E-mail Usage policy.

Controls: Establish control over the following parameters: Who can use IM? Which IM services can they use? When can they use them (business/after hours if on a company computer)?

Logging/Tracking: Who sent what, when?
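The monitoring, control and logging steps above all start from the same question: which users are reaching which IM networks, and when? As an added example (not from this article or from any vendor product), the script below answers that first-pass question from firewall logs. It assumes a simplified, constructed log format of `timestamp user source-ip destination-host destination-port`, maps the well-known client ports of the networks named above (MSN 1863, AIM/ICQ 5190, Yahoo 5050, Jabber/Google Talk 5222) to a service name, matches browser-based IM by destination hostname since port filtering alone misses it, and flags sessions outside an assumed 08:00 to 18:00 business day. The hostnames and the sample log lines are illustrative and constructed for the example.

```python
"""Added example: first-pass IM discovery from firewall logs.
Assumes a constructed log format of
    <ISO timestamp> <user> <src ip> <dst host> <dst port>
and a hand-made table of IM service ports and hostnames."""
import re
from collections import defaultdict
from datetime import datetime

# Standard client ports for the networks discussed in the article.
IM_PORTS = {
    1863: "MSN Messenger",                 # MSNP
    5190: "AOL Instant Messenger / ICQ",   # OSCAR
    5050: "Yahoo Messenger",               # YMSG
    5222: "Jabber / Google Talk",          # XMPP client port
    5223: "Jabber (legacy SSL)",
}

# Browser-based IM rides over HTTP/HTTPS, so we match on hostname instead.
# Illustrative list (an assumption of this example, not a vendor claim).
WEB_IM_HOSTS = {
    "www.meebo.com": "Meebo (web IM)",
    "webmessenger.example": "Web messenger (hypothetical)",
}

BUSINESS_HOURS = range(8, 18)   # 08:00 to 17:59 local time, an assumed policy

LOG_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}) "
    r"(?P<user>\S+) (?P<src>\d+\.\d+\.\d+\.\d+) "
    r"(?P<dst_host>\S+) (?P<dst_port>\d+)$"
)


def classify(dst_host, dst_port):
    """Return the IM service a connection belongs to, or None if it is not IM."""
    if dst_port in IM_PORTS:
        return IM_PORTS[dst_port]
    if dst_port in (80, 443) and dst_host.lower() in WEB_IM_HOSTS:
        return WEB_IM_HOSTS[dst_host.lower()]
    return None


def parse_log(lines):
    """Keep only IM connections; malformed lines are skipped, not fatal."""
    records = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        service = classify(m["dst_host"], int(m["dst_port"]))
        if service is None:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S")
        records.append({
            "when": ts,
            "user": m["user"],
            "service": service,
            "after_hours": ts.hour not in BUSINESS_HOURS,
        })
    return records


def summarize(records):
    """Who used which IM service, and how many sessions fell after hours."""
    summary = defaultdict(lambda: {"services": set(), "sessions": 0, "after_hours": 0})
    for r in records:
        s = summary[r["user"]]
        s["services"].add(r["service"])
        s["sessions"] += 1
        s["after_hours"] += int(r["after_hours"])
    return dict(summary)


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    "2005-11-14T09:12:07 jsmith 10.0.0.21 messenger.hotmail.com 1863",
    "2005-11-14T09:13:11 jsmith 10.0.0.21 www.ascpa.com 80",
    "2005-11-14T12:40:02 mlee 10.0.0.34 login.oscar.aol.com 5190",
    "2005-11-14T19:05:44 jsmith 10.0.0.21 www.meebo.com 80",
    "2005-11-14T19:06:10 mlee 10.0.0.34 talk.google.com 5222",
    "garbage line that does not parse",
]

if __name__ == "__main__":
    for user, s in sorted(summarize(parse_log(SAMPLE_LOG)).items()):
        print(f"{user}: {sorted(s['services'])}, {s['sessions']} sessions, "
              f"{s['after_hours']} after hours")
```

Run against real firewall or proxy exports, the per-user summary tells you the extent of use (Monitoring), gives you the list of users and networks to write rules for (Controls), and is the seed of a who/what/when record (Logging). Note what it cannot see: Skype and web clients on port 443 look like ordinary HTTPS, so a hostname list is the only handle, and that list goes stale; message content is never visible here, so this is discovery, not the tamper-evident archive the compliance section calls for.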


Matthew S. Wilson is the Web and Network Administrator and Webmaster at Boomer Consulting, Inc. He can be reached at matthew@boomer.com.


Endnote

[1] According to Osterman Research, 2005.
