In a recent whitepaper issued by MessageLabs, a division of Symantec, security risks surrounding instant messaging within a company are addressed in vivid detail. The document, entitled “Bullet-proofing Instant Messaging,” claims that 80% of “corporate or enterprise users” utilized an instant messaging service. While instant messaging can make business processes more efficient, through instant file transfer and rapid communication that allows more multitasking than the telephone does, users of instant messaging, on either a business or a personal level, know that many risks come with it as well.
Some of the risks involved include the following:
- Quick spread of worms and malware from clicking links and automatically downloading files.
- Transfer of corrupted/untrusted files.
- Insecure access controls – IM services typically do not require industry-standard authentication procedures in terms of password strength or multifactor authentication.
- Liabilities with file sharing and copyright infringement: If a user’s “buddy” sends, for example, an illegally-downloaded music file to the user, both the user and the company could be liable for copyright infringement.
- Perhaps most importantly, cleartext transfer of potentially confidential data. Unlike internal email, this information typically does travel outside the organization’s firewall.
The document also outlines a variety of solutions to mitigate the risk that comes with instant messaging as a business solution. Predictably (as it is their product), MessageLabs promotes software-as-a-service solutions as a way to secure instant messaging platforms. They also mention options such as internally-developed secure IM platforms so that employees can IM each other from within the network. Perhaps the most practical solution, however, is employee diligence: If employees are careful about their behavior and the behavior of others surrounding their use of instant messaging, or if an organization strongly discourages instant messaging, opting to use email as a comparable mode of communication, many of the risks surrounding this practice can be reduced.
GraVoc Associates, Inc., located in Peabody, MA, is dedicated to providing solutions to its customers in Greater Boston, New England, and beyond through the use of technology. Specializing in the practices of information systems, professional services, and information security, GraVoc occasionally uses the GraVoc News Blog as a way to call customers’ and visitors’ attention to relevant, engaging topics such as this one. For more information on the company, please visit the GraVoc website at https://www.gravoc.com.