Instant messaging (IM) tools allow employees to communicate with each other quickly. In many organizations, they form part of the corporate culture, as they have many advantages, some of them being:
- Helps in reducing email traffic and phone bills
- Helps in grabbing users' attention faster
- Enables desktop sharing
Even with these advantages, it is indeed surprising that some organizations do not allow the use of these tools. When I searched the Internet for answers to this, I was shocked to read about the various threats that a simple tool like this can pose to an organization.
Why is the Corporate Sector at Risk?
The use of instant messengers for business is increasing rapidly. Unfortunately, IM opens up various unsecured channels in an organization. Hackers and the virus-writing community have wasted no time in exploiting this drawback. Research conducted by FaceTime Security Labs shows that security incidents involving the use of IM, chat, and P2P networks were up by 2200% in 2005, as compared to 2004. A prominent example is the W32.Choke.Worm, which used MSN Messenger to send itself as a reply to all incoming messages.
One of the major areas of concern is that these tools provide a new outlet for viruses, worms, spyware, and spamming, which has resulted in serious losses of resources and productivity. An interesting thing to note here is that some companies do not even realize that their employees are using such tools. This is because employees can directly download such programs on their local computers, and the traffic is virtually undetectable at the network level.
The chats cannot be monitored like emails. The log files generated by these tools are also very vulnerable, as they may contain sensitive and private data from past conversations. These files can be easily accessed and used by hackers, which can result in potential loss of business and reputation.
Using Trojan horses, hackers can obtain the password used to access the tool on the user's machine. The machine also becomes vulnerable to denial-of-service (DoS) attacks, in which the hacker sends a flood of messages to the user for the sole purpose of overloading the network resources. This method can be further exploited by combining the DoS attacks with other security breaches like locking a user's account.
Another area of concern is that sensitive or confidential information about the organization can be leaked over the instant messaging software. As the tool is generally used for highly informal communication, employees can unwittingly send confidential information about the company, such as source code information, client information, or product specifications, to their friends who may be working for a competitor.
Lastly, because these tools tend to operate below the acceptable levels of information security protocols, they expose an organization to a regulatory compliance breach.
Why Doesn't Blocking Them Work?
Blocking the complete usage of an instant messaging tool at an organizational level is not a feasible option, the main reasons being:
- Blocking the usual ports will not help, as most tools have the ability to exploit any port on the network.
- All network providers of such tools have their own unique set of IP addresses which change frequently. Hence, the blocking policies applied on firewalls and proxies fail.
- Existing IM software is constantly evolving at a pace that firewalls and organizations cannot keep up with.
The security threat and the loss of productivity, data, and resources are the major drawbacks of an instant messaging tool. However, several measures can be taken to create a more secure environment for the business. Educating the employees should be the first and most important step.
Further, enforcing company policies and installing desktop firewalls and anti-virus programs on all machines is another vital step to strengthen the network and avoid data theft. Also, ensuring that the IM application servers do not allow employees to send data outside the network is an excellent way to safeguard the data. Lastly, the network administrator must keep all patches regularly updated.