Enterprise must take security threats posed by IM seriously

Instant messaging (IM) has grown significantly in use over the past few years. In Scansafe's research for its development of its IM Control service, which is being launched beginning of April 2006, the web security company found that the vast majority of organisations are already using one or more of the main IM solutions, and are finding that the use of IM is becoming almost as important as email for its employees, as it provides significant business benefits.

While many companies do not want to block IM per say, there is, however, most definitely the need to make IM more secure - IM communications have the same potential as email to deliver viruses, worms, trojans, and spyware malicious and unwanted content, and cause identity intrusion issues.

Furthermore, IM services also share many of the same regulatory compliance issues, including the need to monitor for legal and regulatory requirements, and common archiving and privacy issues.

Yet a lot of IM installations are being completely uncontrolled by the corporate IT department. A number of IT departments may say that they already block IM, only to find that someone turns around and says "Well, I'm still using it."

These IM problems exist because of the informal way in which IM usage first arrived into the business arena, with staff making use of IM technology before seeking formal management approval. Furthermore, it remains the case that many organisations still unofficially allow IM communications to take place without giving enough thought to putting protection and management systems in place to deal with the potential security fallout.

As such, organisations need to stop being surprised by the level of IM use by its employees and assume control of the situation, taking it as seriously as email and other threats to IT security.