Ending Soon! Save 33% on All Access

Mitigate IM Security Threats Follow these steps for protecting IM as a business tool.

Instant messaging has become a common means of communicating in the business world. Once limited to desktops, IM is now available via handheld devices and cell phones, allowing users to chat from virtually anywhere.

However, like any form of communication through the internet, IM is accompanied by its own set of security risks. Whether deployed by users at their place of business or on their home computers, IM is generally unprotected and unmonitored, leaving it vulnerable to attacks. One infected computer can result in messages being sent to all users in an IM contact list on that machine.

Furthermore, popular IM protocols are increasingly becoming interoperable. While this allows users from one network to communicate with users from another network without having to install multiple IM clients, it may also encourage attackers to concentrate their efforts on these protocols that represent a larger group of users. In such a scenario, any malicious code that propagates through one of the protocols could likely propagate through the other.

Some of the most common threats to IM include:

  • Spim
    Spim is the spam of the IM world. Spimmers pose as IM users and send messages to randomly generated screen names and to names illegally collected from the internet through automated programs. Spim isn't only annoying to deal with, but it also can be used as a conduit for security breaches.
  • Trojan horses
    A number of Trojan horses target IM. Some of these Trojans pose a large threat, allowing anyone full file access to a computer. Others are classic backdoor Trojans that use IM to send messages to the author of the Trojan, giving the hacker information about the infected computer, from IP address to open ports.
  • Worms
    Just as e-mail messages are used to spread worms, so is IM. As a result, users shouldn't accept, click on or launch suspicious instant messages.

A few of the proactive steps that small businesses can take to secure their IM environments include:

  • Educate employees and create corporate policies.
    An important first step in IM security is to learn about safe practices and how to incorporate them into company policy. To protect your business and your employees, you should define appropriate uses of IM in the workplace and encourage precautionary measures, such as not storing IM passwords on the computer, never accepting messages from unknown sources, exercising caution when opening files or links, and not accepting file transfers.
  • Install desktop security software.
    Since spim typically requires users to download and open an attachment, security at the desktop level can guard against threats by blocking an attachment or cleaning an infected file. Install desktop firewalls to help protect individual machines from attacks from within an organization or through a local area network. Desktop firewalls are also good for those in a remote office or who handle sensitive data. You should also install desktop antivirus programs to provide a final line of defense against viruses, worms and Trojan horses.
  • Install and update patches.
    The major public IM networks frequently deploy IM patches in response to newly discovered vulnerabilities in their programs. You can help reduce the risk of attacks to your organization's computers by installing and updating IM patches regularly.
  • Secure IM logs.
    Many IM programs automatically create and store logs of all conversations on a user's computer. Hackers can gain valuable information from these logs, including specific statements made during a conversation, as well as business secrets discussed. To safeguard the content of IM conversations, consider either storing them behind a company firewall or deleting the logs. Most public IM programs have a deletion option in their preferences section or in the log manager section.
  • Encrypt messages.
    While the preceding recommendations will help you and your employees use public IM networks securely, companies that use IM for business communications should also consider using their own IM servers together with encryption.

By educating employees, enforcing policies, installing protective technologies and, where possible, encrypting IM conversations, you can continue to enjoy the benefits of using IM as a business tool while also mitigating its risks.

Mark Pieningis senior director of worldwide small- to medium-sized (SMB) marketing for Symantec Corporation, which offers a host of security and availability products, as well as information on the latest security threats at www.symantec.com. He can be reached at mark_piening@symantec.com.

Want to be an Entrepreneur Leadership Network contributor? Apply now to join.

Editor's Pick

Most Popular

See all
By Emily Rella
Business News

These Are the Highest Paying Jobs in Every U.S. State, According to a New Report

Certain states pay higher salaries for the same job.

By Sherin Shibu
Career

Is Consumer Services a Good Career Path for 2024? Here's the Verdict

Consumer services is a broad field with a variety of benefits and drawbacks. Here's what you should consider before choosing it as a career path.

By Entrepreneur Staff
By Emily Rella
Business News

'Creators Left So Much Money on the Table': Kickstarter's CEO Reveals the Story Behind the Company's Biggest Changes in 15 Years

In an interview with Entrepreneur, Kickstarter CEO Everette Taylor explains the decision-making behind the changes, how he approaches leading Kickstarter, and his advice for future CEOs.

By Sherin Shibu
Business Ideas

87 Service Business Ideas to Start Today

Get started in this growing industry, with options that range from IT consulting to childcare.

By Guen Sublette