ABOUT US

FORUMS

PARTNERS

PRODUCTS & SERVICES

FREE RESOURCES

JOIN
NOW!

You are not logged in. Access is limited. Login or see membership information. • Streetwise Security Zone Community

Watch this Blog Notify me by e-mail any time a new post is made to this blog.

Scott Wright's editorials on a variety of security issues for non-technical business managers and home computer users. Please feel free to comment and help spread the word that managers need to think about their information security risks.

The Virus Time Machine (e-Book)
Product ID: 00000007

... What You Need to Know (and Wish You Knew Before) About Removing Virus and Malware Infections Before you start down the path of trying to fix a virus infection on your computer, you should really understand what's invol ... More »

Non-Member Price: $4.99

November 2008 Posts

Is the problem with the technology, the procedures or the people?
Mon 24th 2008 @ 6:05 AM
Clicking on links is like hitch-hiking - you never know where you'll end up
Mon 24th 2008 @ 6:03 AM
Social engineering petrie dishies could easily be more secure
Mon 24th 2008 @ 6:02 AM
Book review - IT Governance: Guidelines for Directors
Mon 24th 2008 @ 6:00 AM
Visitor access logs can be used for unintended purposes by anyone
Thu 20th 2008 @ 3:00 PM
Deterrent safeguards - they can't prevent anything, so why bother?
Thu 20th 2008 @ 2:58 PM
What's your board doing with IT?
Thu 20th 2008 @ 2:55 PM
It's not that you can't trust them, but...
Thu 20th 2008 @ 2:54 PM
Getting to secure - incrementally and practically
Thu 20th 2008 @ 2:51 PM
Scott Wright's Security Views column is moving to The Streetwise Security Zone for your convenience
Wed 19th 2008 @ 9:23 AM
Getting on the blog wagon
Wed 19th 2008 @ 9:06 AM
Instant messaging in the enterprise... security threat, privacy threat or useful tool?
Wed 19th 2008 @ 9:04 AM
If you don't have integrity, what do you have?
Wed 19th 2008 @ 9:02 AM
Magic Crypto Fairy Dust
Wed 19th 2008 @ 9:01 AM
Debit Machine Tampering
Wed 19th 2008 @ 8:59 AM
USB Tokens Can Be Risky
Wed 19th 2008 @ 8:58 AM
Voice Over IP Security
Wed 19th 2008 @ 8:53 AM
Canadian Breach Notification Laws
Wed 19th 2008 @ 8:52 AM
Book - Beyond Fear by Bruce Schneier
Wed 19th 2008 @ 8:50 AM
Welcome to Scott Wright's Security Views
Wed 19th 2008 @ 8:41 AM

Instant messaging in the enterprise... security threat, privacy threat or useful tool?

Wednesday, November 19th 2008 @ 9:04 AM (not yet rated) post viewed 784 times

Originally posted - February 3, 2007

In the last of 6 episodes in the podcast series at “Security Round Table“, there was a great discussion on Instant Messaging security issues. One of the most interesting aspects of the discussion was on whether enterprises would try to completely lock down IM facilities so that people couldn’t use it for personal “unproductive” chatting. The concensus in the panel seemed to be that it would not really be possible, given that, unlike most other technologies that are so expensive that they originate in the enterprise and migrate to the public masses (i.e. cell phones, pagers, etc.), IM started out in the public domain, and is migrating into enterprises. Basically, “It’s much harder to deny a technology to someone who never had it in the first place, than to take it away once they have it.”

There are, of course, security issues aplenty with IM tools, such as Availability (consumption of corporate network bandwidth), Confidentiality (leaking of corporate Intellectual Property), and Integrity (known vulnerabilities that provide vectors for malicious code).
On a personal note (privacy mostly), I used to work in a place where my boss expected people to use AOL Instant Messanger, and to be logged in at all times when they were working…so he could keep an eye on who was at their desk! I have yet to come across anyone else who has seen it used in that way. I saw it as an invasion of privacy, since being logged in and online did not necessarily correspond with a worker’s actively productive times. Mysteriously, my laptop never liked AIM, and often crashed. So, happily, I wasn’t able to keep it installed. When he asked me why I wasn’t using AIM I told him that it crashed my machine. I never really knew if he believed me, or if it affected his opinion of how productive I was. In any event, I think it’s a strange way to keep a leash on your team members.

Anybody care to comment?

My live security awareness webinars are a quick and affordable way to provide your entire staff with professional quality security awareness training and education - whether it's general training or for specific teams or industries. I offer group rates and can tailor content to your specific needs. Please call or email me at the coordinates below, or CLICK HERE to see my training webinar catalog.

Scott Wright

The Streetwise Security Coach

Join the Streetwise Security Zone at:
http://www.streetwise-security-zone.com/join.html

Phone: 1-613-693-0997
Email: scott@streetwise-security-zone.com
Twitter ID: http://www.twitter.com/streetsec

To receive weekly security tips and other notices about helpful content available on this site, please make sure you are on my list by clicking HERE, and entering your name and email address.

add a comment

rate this post:

Comments