How 2 Luv IM!

Seven steps to keeping your employees' instant messaging secure.

April 01, 2006 — CSO — p>Instant messaging is a phenomenon that infiltrated corporate America like bedbugs in a flophouse. It burrowed its way into companies a few users at a time, became fruitful and multiplied, and today has become a popular tool for employees to carry on business and, yes, exchange the occasional message with buddies scheduling that night's cocktail hour.

Yet IM can introduce some nasty byproducts to a company's security posture. The wildfirelike growth of the technology has led to a spike in the number of Internet bloodletters who have found a new and vulnerable target for their attacks. And the speed with which an IM worm can propagate leaves a typical e-mail attack looking like a funeral procession down Main Street. "The fastest-ever e-mail threat took about 10 hours to hit 500,000 sites. On IM, it takes about five to seven minutes," says Francis deSouza, CEO and president of IMlogic, an IM security company acquired by Symantec early this year. According to antivirus vendor Sophos, the second-ever virus aimed at the Macintosh operating system propagates itself to other computers via iChat. Fear not, CISOs: You can defend your company against the IM nasties. This story takes a look at how popular IM has become, why banning it may be wishful thinking and what steps you can take to secure your IM networks. (Hint: Sticking your head in the sand and denying there's a problem isn't one of them.)

Market researcher Radicati Group says IM is being used in 85 percent of enterprises; that the number of IM messages being sent each day will increase from 11.4 billion in 2004 to more than 45.8 billion in 2008; and that the number of IM users will grow from 320 million to 592 million in 2008. And IM isn't just for 12-year-old kiddies talking about crushes, Brangelina and the latest episode of The OC. Responsibly used, IM can make workers more productive. "From a general, philosophical standpoint, we try to keep our headcount lower to have lower operational costs and to be more efficient. We try to give people all the reasonable tools they need to expedite their jobs; one is IM," says Steve Rubinow, CTO of NYSE Group, an electronic stock market. Brian Trudeau, CIO at Amerex Energy, supports IM because some of the company's brokers rely on it. "It's kind of been an organic growth through the industry. One person starts it, now some traders won't talk to you unless you have an IM handle. It's instant gratification, not like e-mail, for which you have to wait. The nice thing about it is the ability to transmit information instantly," he says.