Using Internet Telephony For Professional Communications – Is It Worth It? Is It Safe? April 22, 2008
Posted by charitysolutions in charities, charity computers, charity IT, General.add a comment
Todays workplaces are faced with challenges every day because of the introduction of new technologies. It can be difficult to keep up with the steady stream of new advances and even trickier to know which ones could, with correct usage, make your office life easier.
Take Skype for example. Skype – and other similar services such as Gizmo – allow users to make telephone calls over the internet to other users of the same service free of charge. This communication method has its benefits although there are a few potential downsides that you need to consider as well.
Services such as Skype are fast gaining in popularity. Calling between computers both using the chosen service is completely free, obviously an appealing feature to many people. Most of the services also offer the ability to call “normal” telephone numbers (mobile or land lines) at fairly competitive rates – often really competitive for international calls. Some providers also provide an additional service that (for a monthly or yearly fee) provides you with an incoming phone number. This is a fantastic way to get a number in (depending on the provider) the town or country you want – giving you a pseudo-presence there and making it cheaper for you colleagues, or supporters in that area to call you.
However, though the services are generally reliable, we would not advise relying on them as your only method of telephony – incoming or outgoing. If the service does fail (as happened for several days last year to many SkypeIn users for example) you will be left without any method of telephone contact – which not only will cause major inconvenience but does little for your professional profile.
According to the majority of users the audio is generally superb but the big question is really is it secure to use in an office environment? Each provider will have their own individual security features, so let’s take Skype as an example.
When calling Skype to Skype the calls are strongly encrypted so therefore at the higher end in the security stakes compared to other things that use the internet. If using Skype to call to mobile or landlines however, the calls are only encrypted for the Skype portion and not when they hit the public domain. This is fine if you have offices dotted about the country, or world, and you can implement a company-wide policy of Skype usage between offices, but if you are a smaller organisation mainly communicating with customers using a regular landline/mobile service you cannot guarantee the complete security of the conversations. This is not to say that using Skype is more of a threat to charities than other ‘techie’ tools, such as email, but because Skype is newer the vulnerabilities may not be as well known.
Compliance and protection of information within organisations is also a hot topic these days. Organisations need not only to know what information is entering and leaving the office but also to log and archive it as well. It is difficult for third party applications (ie monitoring tools) to interface with Skype. This makes it very difficult to know exactly what information is entering or leaving the organisation. Sensitive information could be passed on with no way of tracking where and from whom it originated.
Perhaps the answer is not to ban Skype flat-out but if you are going to consider its use, then control it – as you do with email. Policies on acceptable usage, such as no file transfers, and cautions against using it for sensitive communications, should be written and enforced.
Any comments, queries or suggestions for follow up topics that you would like us to cover? Just leave a comment or contact us (details on the About Us page) and we will do our best to help.
Using Instant Messaging in the Office April 7, 2008
Posted by charitysolutions in charity computers, charity IT, General.add a comment
We have received a question about using Instant Messaging services (such as AIM, Yahoo, MSN Messenger & Skype Chat) in the office: “Is it safe to allow our employees to do this, what are the benefits and what are the dangers?”
This is a pretty complex subject for a single blog entry – and as with anything to do with security and technology, things are changing all the time – but here are some pointers for you to consider when making your decision.
IM can be handy as a means to communicate very quickly when situations require. The ‘real time’ aspect of messaging is appealing to many as it can save huge amounts of time if you require advice or an opinion in a hurry – without the cost of a telephone call. You can’t get faster than instant! Also, as most IM software is available as a free download so it’s unarguably a cost-effective communication tool.
But, it is also undeniably an easy way for people to chat about non-work related subjects, or even moan about work in general. It’s not really the done thing in offices these days for people to sit at their desk and chat on the phone to friends. However, chatting on IM is a means for people to do the same thing without getting caught. Co-workers and supervisors may assume the person was discussing serious work matters but in practice it could actually be plans for the weekend or the latest episode of EastEnders!
It may be quick and convenient but is it secure? Different IM applications use different protocols and standard firewalls may not block or detect them. Some IM clients can use ports other than those associated with IM even commonly open ports such as 80 (normally associated with web browsing).
IM programs such as AIM, Yahoo and MSN Messenger pose additional possible security issues. These programs often allow more than just chat: they allow file transfers as well. Not only could users send documents – a recent study revealed that around 32% of companies have found employees passing confidential information to a third party – but users can also receive files that may possibly contain viruses or malicious code. Not to mention the liability nightmare if employees use the file transfer feature to share copyrighted music, movie or software files in violation of the law.
Is there an answer without an all-out ban? It could be a simple case of allowing one type of IM to be used over another. There are two basic types of IM technologies: peer to peer (P2P) and client-server. With a P2P system, IM clients communicate with each other directly hence they are less secure as there is no centralised control. With a client-server system, communications go through a central IM server from which it is passed on to the recipient. With client-server systems, IM communications can be monitored and logged at a central location (which also conforms to current compliance regulations). Not only do you have an audit trail but employees will be deterred from engaging in non-work related chit-chat and file swapping if they know they could be found out and held accountable!
Many places already have employees using IM at work, and the automatic assumption – that it cannot be used safely or is hindering productivity and therefore should be blocked – is probably unfair. Used and monitored properly, IM can be a great tool – but, like most other modern tools, it does need to be controlled and monitored if you are to ensure that productivity doesn’t suffer and that your network and data is to be kept secure. Like most other things out there, you just need to know what you are dealing with and know how to control it.
Any comments, queries or suggestions for follow up topics that you would like us to cover? Just leave a comment or contact us (details on the About Us page) and we will do our best to help.
