News Stay informed about the latest enterprise technology news and product updates.

Instant threat from instant messaging, and what some companies are doing about it

IM and chat clients pose phishing and malware threats, so security managers are using new software to lock out the bad guys without cutting off employees or customers.

Many end-user companies have recognized not only the usefulness of instant messaging (IM), but also the potential threat, to which they are responding with a mix of security policies and new software specifically designed to clean phishers and malware from IM exchanges.

To make it easier, some companies have standardized on commercial IM clients and instituted "no attachment" policies on their email networks to block the installation of unauthorized chat clients.

Products from Akonix, Facetime and Symantec are among the most popular and effective at IM security, but also create an additional workload for a security staff.

To avoid that workload, some companies try Web filtering appliances from WebSense, SurfControl and others to IM. Most of those filters aren't tight enough to lock down IM sufficiently, however, according to analysts.

Wesabe, a money management community based in Berkeley, Calif. uses business chat tool Campfire for IM, mainly because of its security features, including locking down chats using SSL and password protection for individual chats. Campfire is developed by Chicago-based 37Signals.

The 7,500-employee newspaper and TV management company Media General uses IM Manager from Symantec because, the security chief said, it's unrealistic to expect to wean users from their favorite chat client, so adding security on top is the next best thing.

For exchanges that are likely to be insecure even with precautions, he advises employees to use email.

The original version of this story was published on sister site

Dig Deeper on Cybersecurity risk assessment and management

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.