Experts: Keep an eye on employee IM use

Share this article:

Safe instant messenger (IM) use in the workplace is dependent on enforcement of company regulations and monitoring new threats, researched major security firm recommended this week.

While 60 percent of companies monitor and secure email, nine out of ten organizations lack any security structure for IM, according to researchers from Symantec.

Malware is a major IM issue for enterprises because threats for the communications platform are unique and growing rapidly - infecting a growing number of users when combined with social engineering.

Messenger use also increases the risk of lost intellectual property and sensitive information, according to Symantec, and can lead to legal risks, since many employees do not realize IM conversations are subject to human resource department policies.

IM conversations are also subject to corporate governance statutes, including the Sarbanes-Oxley Act or the Health Insurance Portability and Accountability Act.

Lee Weiner, senior product manager at Symantec, told today that security issues with IM are similar to those with email.

"I think one thing that's happening is that companies are starting to use IM because of the benefits, in reducing costs in travel or costs of using email. People need to understand what the risks are," he said. "In some cases, people are misusing IM in the same way they misuse email."

AOL IM users are the target of one newly discovered worm that turns machines into a bot, FaceTime Communications and other firms warned this week.

The worm, W32.pipeline, delivers an executable file after the user views what appears to be a .jpg file. It then dials out to host computers and distributes the worm through a user's buddy list.

David Hahn, senior product manager for MessageLabs, told today that corporate IM use has been driven by employees and not the IT professionals.

"Email is the de-facto communications of choice in today's environment," he said. "IM is rapidly growing because it's driven by employees, and not the IT administrators. It's almost a reversal of how technology is propagated."

Click here to email Frank Washkuch Jr.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Next Article in News

Sign up to our newsletters


More in News

ISSA tackles workforce gap with career lifecycle program

ISSA tackles workforce gap with career lifecycle program ...

On Thursday, the group launched its Cybersecurity Career Lifecycle (CSCL) program.

Amplification DDoS attacks most popular, according to Symantec

Amplification DDoS attacks most popular, according to Symantec

The company noted in a whitepaper released on Tuesday that Domain Name Server amplification attacks have increased 183 percent between January and August.

Court shutters NY co. selling security software with "no value"

A federal court shut down Pairsys at the request of the Federal Trade Commission.