AOH :: ISNQ5410.HTM

Enterprises urged to plug IM security holes




Enterprises urged to plug IM security holes
Enterprises urged to plug IM security holes



http://www.vnunet.com/vnunet/news/2212630/enterprises-urged-plug-im 

By Clement James
vnunet.com
25 March 2008

One in four employees has used instant messaging to send information 
about company plans, finances or password/login credentials, security 
experts have warned.

FaceTime Communications said that enterprises need to wake up to the use 
of real-time communications in the workplace and ensure that they have 
the ability to log, archive and retrieve the communications.

A review of thousands of pages of IM conversations in the recent Socit 
Gnrale trading scandal revealed that the rogue trader may not have acted 
alone.

The reports note that much of the trading scheme was discussed over 
instant messaging, as opposed to more traditional email channels. Socit 
Gnrale's ability to retrieve these messages provided a clear trail for 
investigators.

"The financial sector has long led the way in the use of technology, and 
its adoption of instant messaging is no exception," said Nick Sears, 
EMEA vice president at FaceTime.

"Employees frequently believe that their IM conversations are private, 
as the Socit Gnrale case shows.

"By and large the employees are correct as many businesses do not even 
recognise that real-time communications are being used on their systems, 
let alone monitor it."

FaceTime added that IM is not the only real-time communication tool that 
organisations should be wary of when it comes to information leakage and 
employee collusion.

"Even if you ignore the fact that you cannot scan for malware using 
traditional security tools, encrypted VoIP is still a major headache for 
companies in terms of data leakage," said Sears.

"It is not just conversations that go unmonitored. Most VoIP clients 
allow you to exchange files too, allowing confidential documents to slip 
easily in and out of the organisation before you can say 'regulatory 
investigation.'"


___________________________________________________      
Subscribe to InfoSec News
http://www.infosecnews.org/mailman/listinfo/isn 

Site design & layout copyright © 1986-2014 CodeGods