Business fails to keep up with IM spyware threat
Instant Messaging (IM) software in the workplace is running under the radar of IT and most security measures, a new study shows. It suggests many businesses are leaving themselves open to a flood of spyware by failing to manage their employees' use of IM.
Many businesses are leaving themselves open to a flood of spyware by failing to manage their employees' use of Instant Messaging (IM).
A survey of over 200 UK organisations in the private and public sector by IT distributor Peapod and security specialist FaceTime Communications shows that many clearly have no idea how to manage IM or protect their networks from spyware threats.
Of the 73 per cent of respondents that had suffered a spyware attack in 2006, 19 per cent were unable to identify the source, found the survey. In addition, of the 57 per cent of businesses that have banned IM in the workplace, nearly 70 per cent use methods to enforce the ban that are obsolete, easy to circumvent or ignore.
Despite the fact that spyware entering networks through IM channels is on the rise, many businesses still use port blocking techniques to control IM, not realising that many messaging applications are port evasive, often tunnelling through HTTP to find an alternative route if the default one is blocked.
The survey also showed most organisations that do allow IM do not consider the need to manage it, not realising that the law views the tool on an equal footing with email. It warns that in addition to letting in spyware and allowing users to release confidential information potentially undetected, IM can be used to form binding contracts or be the communication mechanism for harassment, defamation and bullying.
"Businesses must prioritise the 'must haves' from the 'nice to haves', particularly where the business drivers are to protect its brand, reputation and itself from the risks," says Rehman Noormohamed, an associate with international law firm Eversheds and a former member of the All Wales E-Crime Steering Committee. "I would expect to see both compliance with the law, including the Data Protection Act 1998, and the need to allocate and maintain an appropriate IT security budget high on any list of priorities."
He believes that with all new forms of communication, there is a calculation that companies need to make: "Part of the challenge is to increase the understanding of what the risks are to enable businesses to undertake any meaningful cost benefit analysis," he says. "Organisations must identify, assess and then properly manage the relative impact of legal, technological and operational risks to its business model," he believes.
"As the survey shows, technology is not the only answer when viewed in isolation," said Chris Durnan, managing director of Peapod. "It is also down to the user to play a key role in ensuring that spyware doesn't get a foothold in the infrastructure. IM is a communications tool with some pretty emphatic benefits for those who use it correctly, but carries a nasty sting for anyone careless or ignorant."
"It's worrying to think that with all the focus on archiving email records that the same does not apply to IM," says Sarah Carter, partner manager of FaceTime. "With all the concerns about legal and standards compliance it's clear that there is a huge potential for organisations to 'catch a cold' in the near future."
Reproduced from an article published by PC Pro
© PC Pro
The original article can be viewed here:
http://www.pcpro.co.uk/news/105933/business-fails-to-keep-up-with-im-spywar...
Permalink Bookmark Digg this story
