Digital MarketingStrategiesIM Use a Big Security Threat

IM Use a Big Security Threat

Instant messaging itself doesn't create security threats, but the people who use IM do, according to a new survey of security managers.

When it comes to security issues in the enterprise, blame the messenger and not the communications channel – at least that’s what a majority of IT security pros say in a new study from Gartner Inc. for managed security-services provider Guardent Inc.

Eighty percent of all network security managers who were surveyed at the Gartner Information Security Conference in Chicago, claim their biggest security threat comes from their own employees. Just as surprising is that 58 percent of those surveyed said the careless use of personal communications by their employees – especially email and instant messaging (IM) – poses the most dangerous security risk to their networks.

On the flip side, just 22 percent point to deliberate insider breaches as their biggest concern.

The Gartner/Guardent survey’s results are very surprising, especially when recent news stories of bugs and breeches of public IM systems are taken into account. While extra precautions can be taken to avoid those technical maladies, though, the human part of the IT equation definitely needs work.

Gartner’s/Guardent’s findings once again emphasize the need for corporations, organizations and governments to not only develop and implement comprehensive security policies, but to enforce them as well. Those policies now must also include IM usage, if they do not already.

In a study by INT Media Research (a division of INT Media Group, which also publishes this Web site), 70 percent of businesses surveyed said they don’t offer their employees guidelines on acceptable use of IM technology.

All of this data should not, however, discourage management from enabling their employees to use IM – preferably an enterprise-strength IM system that exists either from behind a firewall or as part of a ASP-supplied service.

The INT Media Research survey says that of the 47 percent of enterprises allowing or supplying IM access in the workplace, 13 percent take no security precautions whatsoever. Forty-one percent said their IM applications are installed behind a commercial firewall, while 41 percent said a network firewall prevents access to unauthorized free IM services. Just 5 percent said they outsource IM security functions to a third-party firm.

Such an enterprise system can come with interoperability, so that employees can chat with people on the free IM networks.

The use of free IM clients alone on a company’s network, though, is another matter. By using the services, messages sent by employees are essentially “in the clear” on the Internet, meaning that a savvy eavesdropper can “see” the IM session. Also, hackers use the public IM nets to try to entice unsuspecting workers to go to a malicious Web page or click on a link in the IM window. By following hackers’ leads, employees can unknowingly let a worm loose on a company’s network – especially because IM attachments can’t be easily scanned for viruses.

What’s more, employees open themselves up to the growing trend of IM spam by using the public IM nets.

While the question of deliberate intrusions by malicious hackers did not show up in the survey, IT managers nonetheless should take proactive security measures such as internal intrusion detection solutions and regular internal and external vulnerability scanning.

To mitigate the risk of IM vulnerabilities, Gartner recommends:

  • Security administrators should stay on top of the spate of alerts in regards to IM.
  • Administrators should also attempt to get users to apply patches in a timely manner and to treat IM as a formal communication tool subject to the same usage restrictions as email.

When choosing among competing IM systems, enterprises should heavily weight the security of the code, Gartner added.

Reprinted from Instant Messaging Planet, an internet.com site

Related Articles

How financial services CMOs should approach regulation

Digital Transformation How financial services CMOs should approach regulation

2w Al Roberts
How are traditional banks competing for customers in a digitally disrupted industry?

Finance How are traditional banks competing for customers in a digitally disrupted industry?

1m Al Roberts
5 cross-platform automation tools to improve your team's efficiency

Collaboration 5 cross-platform automation tools to improve your team's efficiency

1m Tereza Litsa
How challenger banks are revolutionizing the banking customer experience

Finance How challenger banks are revolutionizing the banking customer experience

3m Al Roberts
8 ways AI can enhance your marketing strategy today

AI 8 ways AI can enhance your marketing strategy today

3m Marcela De Vivo
Why banks are becoming customer-centric organizations

Analyzing Customer Data Why banks are becoming customer-centric organizations

1m Al Roberts
Five tools to automate lead nurturing in sales

Ecommerce & Sales Five tools to automate lead nurturing in sales

2m Tereza Litsa
How CMOs are using apprenticeships to bridge the digital skills gap

Marketing How CMOs are using apprenticeships to bridge the digital skills gap

2m Christian Doherty