research paper
ITS 833 – INFORMATION GOVERNANCE
Chapter 12 – Information Governance
For Email and Instant Messaging*
University of the Cumberlands
Dr Isaac T. Gbenle
1
1
Organizations should assume that IM is being used, whether they have sanctioned it or not. And that may not be a bad thing—employees may have found a reasonable business use for which IM is expedient and effective. So management should not rush to ban its use in a knee-jerk reaction. Here are some tips for safer use of corporate IM:
Just as e-mail attachments and embedded links are suspect and can contain malicious executable files, beware of IM attachments too. The same rules governing e-mail use apply to IM, in that employees should never open attachments from people they do not know. Even if they do know them, with phishing and social engineering scams, these attachments should first be scanned for malware using antivirus tools.
Do not divulge any more personal information than is necessary. This comes into play even when creating screen names—so the naming convention for IM screen names must be standardized for the enterprise. Microsoft advises, "Your screen name should not provide or allude to personal information. For example, use a nickname such as SoccerFan instead of BaltimoreJenny."[19]
Keep IM screen names private; treat them as another information asset that needs to be protected to reduce unwanted IM requests, phishing, or spam (actually spim, in IM parlance).
Prohibit transmission of confidential corporate information. It is fine to set up a meeting with auditors, but do not attach and route the latest financial report through unsecured IM.
Tips for Safer IM
2
2
Important things to know
3
Restrict IM contacts to known business colleagues. If personal contacts are allowed for emergencies, limit personal use for everyday communication. In other words, do not get into a long personal IM conversation with a spouse or teenager while at work. Remember, these conversations are going to be monitored and archived.
Use caution when displaying default messages when you are unavailable or away. Details such as where an employee is going to have lunch or where their child is being picked up from school may expose the organization to liability if a hacker takes the information and uses it for criminal purposes. Employees may be unknowingly putting themselves in harm's way by giving out too much personal information.
Ensure that IM policies are being enforced by utilizing IM monitoring and filtering tools and by archiving messages in real time for a future verifiable record, should it be needed.
Conduct an IM usage policy review at least annually; more often in the early stages of policy development.
3
Important things to know
E-mail is a critical area for IG implementation, as it is a ubiquitous business communication tool and the leading piece of evidence requested at civil trials.
Nearly 80 percent of all employees send work e-mail messages to and from their personal e-mail accounts, which exposes critical information assets to uncontrolled security risks.
Meeting e-mail retention and archival requirements becomes an impossible task when e-mail messages are routed in a haphazard manner via personal accounts.
In developing e-mail policies, an important step is consulting with stakeholders.
E-mail policies must not be too restrictive or tied to a specific technology. They should be flexible enough to accommodate changes in technology and should be reviewed and updated regularly.
4
4
Important things to know
Not all e-mail messages constitute a business record.
Not all e-mail rises to the level of admissible legal evidence. Certain conditions must be met.
Automatic archiving protects the integrity of e-mail for legal purposes.
Instant messaging use in business and the public sector has become widespread, despite the fact that often few controls or security measures are in place.
Typically as much as 80 percent of all IM use in corporations today is over free public networks, which heightens security concerns.
5
5
Important things to know COntd
IM monitoring and management technology provides the crucial components that enable the organization to fully implement best practices for business IM.
Enterprise IM systems provide a greater level of security than IM from free services.
Regular analysis and modification (if necessary) of business IM policies and practices will help organizations leverage the maximum benefit from the technology.
Records of IM use must be captured in real time and preserved to ensure they are reliable and accurate.
6
6
Discussions
7
7
Discussion Question
Chapter 12 – From the chapter reading, we learned that e-mail is a major area of focus for information governance (IG) efforts, and has become the most common business software application and the backbone of business communications today. In addition, the authors provided details to support their position by providing 2013 survey results from 2,400 corporate e-mail users from a global perspective. The results indicated that two-thirds of the respondents stated that e-mail was their favorite form of business communication which surpassed not only social media but also telephone and in-person contact.
Q : With this detail in mind, briefly state why the e-Mail has become a critical component for IG implementation?
8