It's time to talk about the birds and bees... and the emoticons
There are some rules which are universal to human nature. One is that if you tell people simply not to do something, they will inevitably do it at the first available opportunity and, more often than not, run greater risks as a result.
The parents who tells their teenagers they'd "better not even think about having sex until they are 18" might as well cut to the chase and book them in at the local STI clinic, or antenatal classes while they're at it.
Likewise the parents who convince themselves that 'their precious' is different and won't get mixed up with boys, or the kinds of girls their mother should have warned them about, are only fooling themselves and only putting their child at risk.
IT security is similar in a lot of ways. "Don't download this" and "don't use that" are akin to invites to do exactly the opposite – and all such instructions can lead to some nasty infections and unwelcome surprises along the way.
Instant messaging, for example, has long been identified as a growing source of infection and some are still favouring the "don't do it" line of prevention. There is a relationship there.
According to experts in the enterprise IM field, companies who think they have no IM use within the organisation tend to be among the ones who have most.
More effective in addressing the problem would be if companies were to sit down with staff, understand why they want to use IM, what they think it will enable them to do and explain explicitly in language they understand what the risks are.
If IT managers remain convinced they are going to do it and have good reason to, then ensure protection is involved and ensure they understand how it is used.
IM does provide business benefits, undoubtedly, and it's no longer reasonable to expect people not to use it, or want to use it.
There are steps companies and employees can take to protect themselves, but first they must understand the risks, the responsibilities and the benefits. Similarly, greater etiquette and mutual respect is called for.
Simply launching a pop-up message box on somebody else's desktop with a link and no text assuring them it really is you messaging them helps breed a culture that can be exploited by virus writers.
Staff need to be advised of the measures they can take to create a secure behavioural environment to complement any IT measures in place.
In short, instant messaging between two consenting adults can be a beautiful thing – when done safely.