How to Avoid IM Security Problems
Love it or hate it, instant messaging has potential for security problems. Here’s how to avoid them.
By Jennifer McAdams
Computerworld - Celebrity tabloid headlines would scream if the Screen Actors Guild-Producers Pension and Health Plans (SAGPH) suffered an instant messaging breach that spilled sensitive medical information about the nation’s biggest stars. So, like many other organizations, this benefits provider enforces rules to prevent IM from jeopardizing its data security.
Aside from the bulk of financial services corporations, most companies aren’t totally shutting employees out of IM communication in the workplace. In fact, in an exclusive Computerworld survey of 113 IT managers, 40% said their companies use instant messaging as a sanctioned form of interoffice or intercompany communication.
But while companies are recognizing a plethora of legitimate business uses for the technology, many are moving slowly to incorporate security technologies that drastically reduce IM risks like spyware, virus infiltration, phishing and data compromise — the same vulnerabilities often associated with e-mail. In fact, in a February survey of 192 IT executives by Enterprise Strategy Group Inc., nearly 30% of respondents said they hadn’t deployed any IM security technology.
The Pain of Progress
Upfront recognition of IM as a powerful business tool also requires upfront employee accountability for its use. Companies embracing corporate IM are controlling its use through guidelines and policies, and IT executives are sorting through a variety of security technologies, such as URL filters, proxy servers, firewalls and stand-alone IM security tools.
“Very few companies can ban IM usage outright,” says Peter Firstbrook, an analyst at Gartner Inc. “It has simply become too valuable a communication tool. However, some enterprises are restricting both the type of IM network employees use and advanced features such as file transfers and gaming.”
They may be reluctant to curb or ban IM, but companies expect their employees to behave appropriately, says Kevin Donnellan, SAGPH’s assistant CIO. “The most important action enterprises can take in controlling instant messaging use is to ensure employees are using it under prescribed guidelines,” he says.
SAGPH relies on Symantec Corp.’s IM Manager to enforce usage policies. IM Manager provides security and archiving capabilities for several IM functions, such as text messaging, and application and file sharing — including audio and video swaps, which have become common in IM exchanges. SAGPH and other health care organizations must also contend with IM-related compliance and data retention requirements of major statutes such as the Health Insurance Portability and Accountability Act.
Meanwhile, another heavily regulated sector has looked long and hard at IM and still isn’t convinced that it’s worth the risk. “The financial services industry has had to focus on this area for a few years now because Securities and Exchange Commission regulations require retention of IM communications for three years,” says Richard Wolf, managing partner at Lexakos LLC, a West Orange, N.J.-based business advisory firm that specializes in compliance and records management.