Most organizations aren't totally shutting out IM communication in the workplace. Experts offer this advice for weighing the risks and implementing security policies:

-- Before imposing an IM ban, examine business uses for the technology and weigh the trade-offs.

-- In the early stages of IM adoption, consider incorporating IM into the established rules for e-mail usage, and follow e-mail best practices.

-- Determine immediately whether industry regulation or internal policies mandate IM archiving, and plan accordingly.

-- Suspend immediately IM messages that run afoul of industry regulations, and notify compliance officers or attorneys.

How to: Get the word out to your staff about information security

All the technology in the world can't keep your information safe if your workers aren't clued in to company policies. Here are the top tips for effectively communicating information security to workers:

-- Know your audience and consider the most effective media for getting a particular message across to different crowds. Baby boomers prefer straightforward communication, such as well-written memos, while Gen Y workers prefer messages that are quick and to the point.

-- Interactive communication techniques, such as video games and comical multiple-choice quizzes, can be engaging while providing managers with a means of assessing their effectiveness.

-- Top-down edicts on corporate security policies don't resonate well with younger workers. Annual broadcasts aren't frequent enough and are quickly forgotten.

-- Try to make newsletters or e-mails colorful. For instance, a set of "Did You Know?" bullet points can be both entertaining and educational.

-- In face-to-face meetings with workers, explain not only what is being done (for example, desktop encryption) but why it's being done. Be sure to allow employees to ask questions and offer feedback. It not only helps them feel like their opinions matter, but managers can also draw from their ideas to improve policies and operations.

-- If you offer workers information security recommendations or warnings that can be applied outside the workplace -- on the technical risks of sharing iPod songs on a peer-to-peer level, for example -- employees are more likely to pay attention to policies that apply at work.

-- Having a communications specialist or business executive discuss the importance of information security can convince employees that the topic is a business issue -- and not something they normally equate solely with IT.