Unfortunately, such high growth rates attract hackers, who notice a couple of enticing features when attacking instant messaging. With most applications, including email, users open the client software for only a few minutes, complete their work, and then close them. IM does not fit that profile. Because users are never sure when an Instant Message may arrive, this client is often open all day long. This feature provides more opportunities for hackers to try and finagle their way into enterprise networks.
Instant messaging also offers hackers an easy way to spread their malware. Hackers can embed hyperlinks in IM spam that may provide doorways through which other malware may enter corporate networks. Upon seeing a message from a friend or colleague, a user may click on a spam link and not notice that a rootkit was being installed onto his or her system. A rootkit is a tool designed to go undetected by the security software used to lock down control of a computer after an initial hack. The malicious attacker then gains control of the personï¿¼s computer. The hacker can then distribute malware spam messages to that userï¿¼s IM contact list.
Another problem for users is that many IM systems keep a record of all their conversations. Once a hacker gains access to a computer, he could take this file and send it to everyone on a personï¿¼s Buddy List. This transgression could create problems, ranging from embarrassment to lawsuits.
Enterprises can take a few steps to lessen the likelihood of IM malware damaging their companies. First they can conduct an inventory and determine how many of their employees now use Instant Messaging and determine whether or not that use is appropriate. They can also turn off the software unless a user is in communicating mode. Last, they can check with their antivirus software supplier; many vendors now have products designed to thwart IM malware. Instant Messaging can be a productivity boom, but companies need to make sure that these conversations are safeguarded so they do not become an operating base for hackers.
How much use does IM have in your company? What steps have you taken to ensure that these transmissions are secure? What would like vendors to do to make Instant Messaging a more secure communications option?