* SPIM
Similar to spam, spim is unsolicited messages sent via IM. Spim can be used to lure unsuspecting users to websites designed to collect private information. Web bots deployed by advertisers and spammers often collect screen names from public directories where individuals can list their IM screen names. To reduce spim, businesses should advise employees against listing screen names on any public directories or websites, and also to configure their IM clients to accept messages only from an approved list of contacts.
While many of these threats have the potential to wreak havoc on any business, there are a few steps businesses can take to mitigate IM threats so they can fully enjoy the benefits of IM:
* Install IM Security Tools
IM security tools span a variety of functions from capturing data sent over IM, to monitoring and tracking unusual IM behavior which may indicate misuse or virus-related security breaches. By installing IM security tools, businesses will have a more comprehensive, centralized solution to help manage IM usage within the company.
* Educate Employees and Create Corporate Policies
Employee education on any exchange service is paramount in securing the IT infrastructure, but especially on IM usage because of the potential for rapid proliferation throughout the network. Businesses should make it a priority to learn about the best safety and security practices and incorporate them into company policies. To protect businesses and employees, businesses should define appropriate uses of IM in the workplace and encourage precautionary measures such as not storing IM passwords on the computer.
*Secure IM Logs
Because IM programs automatically create and store logs of all conversations on a user's computer, hackers can obtain valuable information on a business, including specific statements made during a conversation as well as business secrets discussed via IM. One way to secure IM logs is to store them behind a corporate firewall or even delete the logs. These options are available in the preferences section of the program.
* Use Vulnerability Management Tools for Compliance
Businesses can install and use vulnerability management tools to gain an overview of IM software installed on employee machines. Using these tools, they can monitor whether employees have made any changes to their IM programs that violate business policies, and make sure that desktop firewall and antivirus programs are being used properly.
* Install Desktop Antivirus and Firewall Programs
Since spam sent over IM typically requires users to download and open an attachment. Security at the desktop and firewall level can guard against threats by blocking an attachment or cleaning an infected file. Installing desktop firewalls help protect individual machines from attacks from within an organization or through a LAN. Desktop firewalls are also good for those in a remote office or who handle sensitive data. Businesses should also install desktop antivirus programs to provide a final line of defense against viruses, worms, and Trojan horses.
* Install and Update IM Patches
The major public IM networks frequently deploy IM patches in response to newly discovered vulnerabilities in their programs. Businesses can reduce the risk of attacks to their computers via IM by installing and updating IM patches regularly.
There are many advantages to using IM in a business setting. If businesses choose to use this communication tool, they need to understand the security threats to IM and how to protect their business. By educating employees, enforcing policies, installing protective technologies, and, where possible, encrypting IM conversations, organizations can continue to enjoy the benefits of using IM as a business tool while also managing its risks.
