IM OK, R U?

If you have teenagers, a computer, and a home Internet connection, you probably are aware that instant messaging is their social lifeline, and as natural for them as breathing. On the other hand, adults rarely use it. We're more acclimated to using the telephone if we want instant feedback, and e-mail if we want to send a message or question that does not require an immediate response.

IM fills a role somewhere between the two: less permanent and quicker than e-mail, more permanent, slower, and less nuanced than a conversation. It usually is a group communication medium, not one to one, which means that it provides a more ad hoc version of a conference call. Want to bounce an idea off three people simultaneously? IM them all at once and get their feedback immediately with a few keystrokes.

IM is likely to grow into the business environment as the current generation of teenagers begins to enter the workforce. It is so natural to them; they will come up with wonderful, creative ways to make it an efficient workplace tool. I have used it in limited capacity to get quick responses from the few coworkers here who use it. It is not necessary to pick up the phone or remember phone numbers; just click an IM icon, click the recipient's name, and start typing. One nice feature, for those who allow their profiles to be viewed, is that it is possible to see which of one's contacts are online at any given time, signaling whether a particular person is available to respond.

Can it Pay?

More and more employees, many of them young and raised on IM, use instant messaging in the workplace. This has the advantages of informality, spontaneity, and quick transmission. " I have used instant messaging as a useful tool during conference calls, where we have employees in different locations," says one writer and consultant. " We can communicate privately with each other, while maintaining the teleconference, to bring up points that are not for everyone else to hear."

Mark Massey, senior manager at Ernst & Young notes, "Instant messenger is a double-edged sword. It is a great tool for short and quick exchanges of information." Some people, however, are IM-addicted; therefore, it can detract from productivity. "The instant access it provides," cautions Massey, " also gives other people instant access to you, which can be a great distracter." Used wisely, however, he believes it is a good tool.

Mary Andrews, senior director of risk management for Alpharma, believes that instant messaging is best left outside the office. "Are we letting someone else's supposed need to reach us run our lives?" she asks. Andrews concedes that IM is a valuable tool, but also can be a huge time-waster if not managed properly.

Angela Pannell, president of Vision Risk Services, notes that her company uses IM more internally than externally. Her firm started using it when a client requested that she be available this way. The company then expanded it within her office and she finds IM to be an excellent internal communication method.

Risk managers may be able to harness IM to get quick online responses on various issues related to safety, claims, insurance pricing, and broker selection. Doing so might be easier than the laborious and often frustrating ritual of trying to schedule a conference call. As a collaborative communication tool for risk managers, therefore, IM holds some promise.

Risk Management Perils

Perils lurk, however, for the unsuspecting. IM can present organizations with new and accentuated liabilities. Risk managers must be aware of these and formulate plans to address and minimize the risks, which include:

Loss of vital information — IM creates communication channels that the risk management department and the IT manager cannot control by traditional means, e.g., fire walls or mail gateways.

Legal liabilities — Like e-mail, IM has the illusion of privacy and confidentiality. Old messages seem to evaporate into cyberspace's ether. This is not the case with IM, just as it is not the case with e-mail. Employees use IM to make comments that they feel are off the record, but actually are stored locally or on a server and, thus, may be discoverable in a legal investigation. These can come back to haunt a company.

Identity masquerading — It is possible to send messages under other peoples' names, thereby harming relationships inside and outside the risk manager's organization.

Vance Bowen, CEO of Comaxial Corp., believes that instant messaging is a severe security threat to information integrity, availability, and confidentiality. "Even casual conversation via instant messenger chat clients is dangerous," he warns. His suggestion: forget instant messaging at work.

Shari Deutsch, risk manager of Lam Research, notes that her company, a telecommunication firm, bars use of instant messaging on company computers for several reasons. IM communications breach fire walls and expose networks to viruses, worms, etc., she notes. There also are encryption difficulties. If a company engages in any kind of work with intellectual property risks, IM is a dangerous format.

Documentation issues also can arise. E-mail provides a more accessible record of the discussion and documents of any decisions, approvals, or other actions. If record keeping is a concern, IM is a less viable format.

Given the recent impact of business-initiated e-mail conversations that have gone public or are being used in court, people see IM as a safe alternative for conducting casual or personal conversations. The seemingly greater degree of privacy may lure employees to let their hair down. Seemingly is the operative word.

"If there are no cyber-risk or recording concerns," Deutsch says, "IM can be a convenient tool, but not useful for business communication."

She adds, "I only notice messages when I am sitting at my desk. Since I don't stay there very often, people generally couldn't reach me any faster through IM than e-mail. Also, when I sit at my desk, I usually am engaged in something that requires concentration and IMs' popping up all the time would drive me nuts."

One key issue is the kind of risks to which the use of instant message programs might expose the company network. Many experts think that IM is like an open door to the network.

W. Darryl Ross, director of risk management and insurance for Norske Skog Canada, recently imported a virus when someone sent him an instant message. He was traveling and his computer was disabled for days. Afterward, he had his IT department disable instant messaging on his laptop. He believes that e-mail is a better visual tool that lets one scan messages and decide whether to open or delete them.

James Moore, president of J&L Insurance Consultants, has been burned by using IM. One never knows who is on the other end, he cautions. "You open the door to your computer and servers," he says. "Some anti-virus programs will not protect a computer from IM. Someone can go around the security of your program by uploading a dangerous file underneath your IM conversation."

Risk managers may be able to harness IM for personal productivity, enhancing quick communication across borders and time zones. Used unwisely, however, IM as a workplace feature can become a drag on productivity and even spawn menacing aftereffects. Like e-mail, the telephone, or faxes, IM inherently is neutral. As a tool, it can be used or abused. The problem lies not so much in IM but in its users or the purposes to which they apply it. The risk management challenge will be to formulate IM policy – likely in collaboration with the IT department – in order to exploit the good features and purge the bad.

The discussion could continue for another page but, in the interest of time, I've GTG.

Top 10 IM Abbreviations

According to Omnipod, a corporate instant messaging vendor, the most popular IM acronyms are:

1) BRB (be right back)

2) CTRN (can't talk right now)

3) IMO (in my opinion)

4) HTH (hope this, or that, helps)

5) IAM (in a meeting)

6) WFM (works for me)

7) BFO (blinding flash of the obvious)

8) DHTB (don't have the bandwidth)

9) IHMB (I hate my boss)

10) SLAP (sounds like a plan)

Guidance on Avoiding IM Risks

Instant Messaging Rules: A Business Guide to Managing Policies, Security and Legal Issues for Safe Communication, by Nancy Flynn, Amacom. This brand new book (July 2004) offers sample IM policies.

Kevin Quinley is senior vice president of Medmarc Insurance Group in Chantilly, Va. Reach him at kquinley@kevinquinley.com or www.kevinquinley.com.