The vast majority of today’s 200 million instant messaging (IM) users are personal users. Business use will be a significant growth factor this year for IM—but only if companies adopt formal policies on how and when to use it. Moreover, businesses need to find creative ways to use the technology to make money rather than considering it a “necessary evil.”

Having already addressed this issue from the security perspective in a previous article, “Next IM adoption wave arriving soon,” I’ll now examine corporate IM adoption and discuss how to go about putting a formal IM policy in place.

Do people really need IM?
I’ve worked with several companies that have integrated IM into their businesses. In every case, IT management said IM was unnecessary—and yet users considered it almost essential.

This is because IM blends some of the best features of telephone calls, face-to-face meetings, voice mail, and electronic mail. IM allows for synchronous conversations (such as phone calls and face-to-face meetings do) while still allowing people to be at their desks (like electronic mail does). The best part is that the user determines when IM discussions can happen. IM conversations always start on the basis of “known presence.” When you’re ready to accept an IM conversation, you allow the IM client to display your status as “online.” When you’re busy or away, you set the status accordingly. This is unique to IM. There is no presumption of availability as with a telephone call, or the expectation of immediate response as with the sending of an electronic mail message.

Developing an IM policy
Unfortunately, not many CIOs appreciate this capability yet. In fact, most CIOs to whom I’ve spoken about their adoption of IM have taken one of two approaches: They’ve either tried to eradicate it or have chosen to ignore it.

Those attempting to eradicate it have blocked external ports that are commonly used by IM conversations or, in the extreme, have locked down workstations to keep IM clients from being installed. One company even delayed a Windows XP workstation rollout until tech leaders could figure out how to remove Windows Messenger and keep it from “sneaking” back in using the corporate Windows Update service. Those choosing to ignore it have simply told their network engineers to let them know if it becomes a primary cause of network saturation.

The few who are taking it seriously have decided to either tightly control it or just recognize it and issue guidelines. Tight control means that administrators can choose who has access to IM and that they have the ability to audit every conversation.

Although many CIOs see this as intelligent corporate policy, I think it has two distinct disadvantages. First, alerting your employees that you’re auditing their conversations may discourage them from using IM as a brainstorming mechanism for fear that comments may be misinterpreted. Second, the first time a transcript of an IM conversation appears in a court case, the company’s legal team will seriously question the decision to audit IM in the first place.

I think it makes a lot more sense to encourage IM adoption by asking users to observe a few simple rules rather than turning IM into a presence-based replacement for e-mail and similarly trying to legislate its utilization.

Here are a few simple rules that should be included in an IM user policy:

  • Use IM status flags: The power of IM is the ability to participate in a conversation when you’re truly available but to be left alone when you’re busy. Encourage users to set status to “away” or “busy” to reflect their current state. I also encourage users to shut down their e-mail client and set their phone on “Do Not Disturb” when they set their “busy” flag. If you’re too busy to be engaged in IM, then you’re too busy to be interrupted by e-mail or phone calls as well.
  • Use abbreviations sparingly: Although kids use abbreviations as a second language, many adults who are new to IM don’t know them. Common abbreviations such as BRB (be right back) and LOL (laugh out loud) will become part of a new user’s IM lexicon over time, but inundating people with them just makes conversations confusing.
  • Use mixed case: Many of the same rules for using electronic mail apply to IM. Typing messages in all caps is considered shouting and should be reserved for occasions when you genuinely want people to perceive it as such.
  • Don’t copy a conversation thread without at least giving notification: All IM clients allow you to cut and paste the contents of a conversation thread in order to either e-mail it or save it for future reference. If users intend to copy or distribute contents of a conversation thread, they need to notify participants before the end of the conversation.
  • Limit group IM conversations to five or fewer participants: In general, you should limit the total number of participants to no more than five people at a time. If you have more people (e.g., you’re using IM as a training tool), then try to limit the number of people typing to five to keep interaction manageable.
  • Don’t impersonate someone else: Not only is this deceitful, but it’s bad etiquette as well. Users should log off the IM client (or better yet, log off the computer entirely) when they leave their desk and should keep their password secure.

Corporations should allow IM to flourish by giving guidelines instead of imposing excessive rules and auditing IM conversations (except if required by law, as would be the case with brokers). By encouraging controlled growth of IM and giving appropriate guidance via a formal policy, CIOs can develop an environment of intelligent messaging in their organizations.