Although instant messaging delivers many benefits, it also carries certain risks and liabilities when used in workplaces. Among these risks and liabilities are:
Security risks (e.g. IM used to infect computers with adware, viruses, trojans, worms)
Compliance risks
Trade secret leakage
Crackers (malicious or black hat hackers) have consistently used IM networks as vectors for delivering phishing attempts, "poison URLs", and virus-laden file attachments from 2004 to the present, with over 1100 discrete attacks listed by the IM Security Center[15] in 2004–2007. Hackers use the following methods of delivering malicious code through IM: delivery of viruses, trojan horses, or adware within an infected file, and the use of "socially engineered" text with a web address that entices the recipient to click on a URL connecting him or her to a website that then downloads malicious code. Viruses, computer worms, and trojans usually propagate by sending themselves quickly through the infected user's contact list. An effective attack using a poisoned URL may reach tens of thousands of users in a short period when each user's contact list receives messages appearing to be from a trusted friend. The recipients click on the web address, and the whole cycle starts again. Infections may range from nuisance to criminal, and are becoming more sophisticated each year.
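The contact-list propagation described above leaves a recognisable pattern in IM gateway logs: one account sends the same URL to many contacts within seconds, and a recipient then does the same. The following added example (not part of the original page) flags that pattern; the log format, account names, URLs and thresholds are constructed assumptions.

```python
import re
from collections import defaultdict

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

# Constructed sample IM gateway log: (epoch seconds, sender, recipient, text).
SAMPLE_LOG = [
    (1000, "alice", "bob",   "lol is this you? http://photos.example.test/view?id=7"),
    (1002, "alice", "carol", "lol is this you? http://photos.example.test/view?id=7"),
    (1003, "alice", "dave",  "lol is this you? http://photos.example.test/view?id=7"),
    (1004, "erin",  "bob",   "agenda for 3pm: https://wiki.example.test/agenda"),
    (1060, "bob",   "frank", "lol is this you? http://photos.example.test/view?id=7"),
    (1061, "bob",   "grace", "lol is this you? http://photos.example.test/view?id=7"),
    (1062, "bob",   "heidi", "lol is this you? http://photos.example.test/view?id=7"),
    (5000, "erin",  "carol", "agenda again: https://wiki.example.test/agenda"),
    (9000, "erin",  "dave",  "agenda again: https://wiki.example.test/agenda"),
]

def find_fanout(log, min_recipients=3, window=30):
    """Return {url: [(burst_start, sender), ...]} for every URL that a single
    sender pushed to >= min_recipients distinct contacts within `window` seconds."""
    sent = defaultdict(list)  # (sender, url) -> [(ts, recipient)] in time order
    for ts, sender, recipient, text in sorted(log):
        for url in URL_RE.findall(text):
            sent[(sender, url.rstrip(".,)"))].append((ts, recipient))
    flagged = defaultdict(list)
    for (sender, url), events in sent.items():
        for i, (start, _) in enumerate(events):
            burst = {r for t, r in events[i:] if t - start <= window}
            if len(burst) >= min_recipients:
                flagged[url].append((start, sender))
                break
    return {url: sorted(bursts) for url, bursts in flagged.items()}

def relay_chains(log, flagged):
    """Return (url, infector, relay) where `relay` received the URL from a
    flagged sender before starting its own burst: the cycle starting again."""
    chains = []
    for url, bursts in flagged.items():
        started = {sender: start for start, sender in bursts}
        for ts, sender, recipient, text in sorted(log):
            if (url in text and sender in started
                    and started.get(recipient, -1) > ts):
                chains.append((url, sender, recipient))
    return chains
```

The slow, repeated link from `erin` is not flagged because her recipients fall outside the burst window; tune `min_recipients` and `window` against normal traffic before alerting on the result.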
Security risks
IM connections usually occur in plain text, making them vulnerable to eavesdropping. Also, IM client software often requires the user to expose open UDP ports to the world, raising the threat posed by potential security vulnerabilities.[16]
Compliance risks
In addition to the malicious code threat, the use of instant messaging at work also creates a risk of non-compliance with laws and regulations governing the use of electronic communications in businesses. In the United States alone there are over 10,000 laws and regulations related to electronic messaging and records retention.[17] The better-known of these include the Sarbanes–Oxley Act, HIPAA, and SEC 17a-3. Clarification from the Financial Industry Regulatory Authority (FINRA) was issued to member firms in the financial services industry in December 2007, noting that "electronic communications", "email", and "electronic correspondence" may be used interchangeably and can include such forms of electronic messaging as instant messaging and text messaging.[18] Changes to the Federal Rules of Civil Procedure, effective December 1, 2006, created a category for electronic records which may be requested during discovery in legal proceedings. Most nations also regulate the use of electronic messaging and electronic records retention in a similar fashion to the United States. The most common regulations related to IM at work involve the need to produce archived business communications to satisfy government or judicial requests under law. Many instant messaging communications fall into the category of business communications that must be archived and retrievable.
Inappropriate use
Organizations of all types must protect themselves from the liability of their employees' inappropriate use of IM. The casual, immediate, and ostensibly anonymous nature of instant messaging makes it a candidate for abuse in the workplace. The topic of inappropriate IM use became front-page news in October 2006 when U.S. Congressman Mark Foley resigned his seat after admitting to sending offensive instant messages of a sexual nature to underage former House pages from his Congressional office PC. The Mark Foley scandal led to media coverage and mainstream newspaper articles warning of the risks of inappropriate IM use in workplaces. In most nations, corporations have a legal responsibility to ensure a harassment-free work environment for employees. The use of corporate-owned computers, networks, and software to harass an individual or spread inappropriate jokes or language creates a liability for not only the offender but also the employer. A survey by IM archiving and security provider Akonix Systems, Inc. in March 2007 showed that 31% of respondents had been harassed over IM at work.[19] Companies now include instant messaging as an integral part of their policies on appropriate use of the World Wide Web, e-mail, and other corporate assets.