Free Newsletter
Register for our Free Newsletters
Access Control
Deutsche Zone (German Zone)
Education, Training and Professional Services
Government Programmes
Guarding, Equipment and Enforcement
Industrial Computing Security
IT Security
Physical Security
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor

Free guide available for securing employee use of instant messaging

Network Box : 08 June, 2009  (Technical Article)
Network Box believes that blocking IM use is unproductive and has released a free guide to using the technology in business safely
A new guide to securing instant messaging (IM) advises companies to control employees' use of IM, rather than blocking it outright. Securing IM is the latest in the 'Securing Social Media' series of guides from managed security company, Network Box. The guides are all free to download from Network Box's website.

According to Network Box, companies are increasingly finding that their employees use IM, often for a business reason such as customer contact, or contact with remote teams. However, many IM services are not secure, and so IT managers should control which services are used and secure them effectively.

Securing IM use is simple and inexpensive. The biggest threat from IM is of employees clicking on malware-infected web links, shared over IM.

Employee education is the most important factor in securing IM, says Simon Heron, Internet Security Analyst for Network Box: "We need to go through a similar education process with employees as for spam email. Broadly, the messages for employees are: only use the service approved by your IT department, don't trust anyone you don't know, don't click on shared links, keep your personal details to yourself, log out when you've finished, and keep your IM service and anti-virus systems up to date."

The guide from Network Box includes the following advice to IT managers, as well as free guidelines for employees on keeping themselves safe from malware over IM:

* Agree what IM platform you will use, and make sure your employees only use that platform.

* Agree which employees should have access to IM, and set your access policy accordingly.

* Ensure that the IM service is updated regularly. Often IM providers will include enhanced security in new versions of the application.

* Ensure your security policy is set to secure all outgoing communications, including IM, as well as incoming communications. If you simply block an application, it will often find a way through a firewall - either using 'tunnelling' software, or by searching through all available ports until it finds one open. It is more effective, therefore, to configure firewalls to block all outbound connections except those to secure proxies, which forces all web access (including IM) through a gateway security system.

* Educate all employees on the security risks of IM, and give them clear guidelines on how to use it. Suggested guidelines are available free from Network Box.

* Consider including a section on IM in your company security policy, and if you hold security seminars, include IM within these. IM can seem a much more personal form of contact than email, and so the temptation to click on a link within an IM can be greater than within an email. Don't assume that employees understand the risks.

* Keep your security systems up to date, to protect against employees clicking on infected web links, for example. Ensure you are using a secure, recently patched browser, ensure your firewall and anti-virus systems are up to date and correctly configured, and keep your operating system patched to ensure you're operating the latest version. If you have any doubts, talk to your security provider about configuring security to cope with IM.

* Monitor IM use. It is important to ensure employees understand that this is a company system, in the same way that the telephone or email systems belong to the company. IM shouldn't be abused by employees any more than email or telephone should be. Set clear guidelines as to what IM use is acceptable
Ensure employees understand that they are representing the company, whether it is over IM or any other platform.
Bookmark and Share
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
   © 2012
Netgains Logo