Time to Guard Your Instant Messaging Traffic

One downside with popular IT technologies is they attract unsavory elements. Akonix Systems Inc. , a vendor specializing in instant messaging security products, reported that the number of instant messaging specific viruses doubled from July to August. The change could mean a shift in hacker priorities, so therefore small and medium enterprises need to take a closer look at protecting their IM traffic.Instant messaging has evolved from an interesting amenity to a vital business communications tool. The market research firm The Radicati Group expects worldwide Instant Messaging revenue to grow from $203 million in 2007 to $530 million in 20011. Many medium and small businesses are using it to streamline communication and improve productivity.

Unfortunately, such high growth rates attract hackers, who notice a couple of enticing features when attacking instant messaging. With most applications, including email, users open the client software for only a few minutes, complete their work, and then close them. IM does not fit that profile. Because users are never sure when an Instant Message may arrive, this client is often open all day long. This feature provides more opportunities for hackers to try and finagle their way into enterprise networks.

Instant messaging also offers hackers an easy way to spread their malware. Hackers can embed hyperlinks in IM spam that may provide doorways through which other malware may enter corporate networks. Upon seeing a message from a friend or colleague, a user may click on a spam link and not notice that a rootkit was being installed onto his or her system. A rootkit is a tool designed to go undetected by the security software used to lock down control of a computer after an initial hack. The malicious attacker then gains control of the persons computer. The hacker can then distribute malware spam messages to that users IM contact list.

Another problem for users is that many IM systems keep a record of all their conversations. Once a hacker gains access to a computer, he could take this file and send it to everyone on a persons Buddy List. This transgression could create problems, ranging from embarrassment to lawsuits.

Enterprises can take a few steps to lessen the likelihood of IM malware damaging their companies. First they can conduct an inventory and determine how many of their employees now use Instant Messaging and determine whether or not that use is appropriate. They can also turn off the software unless a user is in communicating mode. Last, they can check with their antivirus software supplier; many vendors now have products designed to thwart IM malware. Instant Messaging can be a productivity boom, but companies need to make sure that these conversations are safeguarded so they do not become an operating base for hackers.

How much use does IM have in your company? What steps have you taken to ensure that these transmissions are secure? What would like vendors to do to make Instant Messaging a more secure communications option?