Subscribe by Email

Saturday, April 6, 2013

What are the risks and liabilities with instant messaging?

There are a number of risks and liabilities associated with Instant Messaging. Till today several attempts have been done in order to create a unified IM standard. 
Few have been mentioned below:
  1. Session initiation protocol or SIP of IETF.
  2. SIP for instant messaging and presence leveraging extensions or SIMPLE.
  3. APEX or application exchange.
  4. IMPP or instant messaging and presence protocol.
  5. XMPP or open XML – based extensible messaging and presence protocol.
  6. Instant messaging and presence service of open mobile alliance (this one was developed exclusively for the mobiles.)
Although a number of benefits are given by instant message, there are also many risks and liabilities associated with it. This happens particularly when one uses IM at his/ her workplace. 
Associated risks and liabilities are:
  1. Security risks
  2. Inappropriate use
  3. Compliance risks
  4. Trade secret leakage

About Security Risks

- Security risks involve infecting the systems with viruses, worms, spyware and Trojans etc.
- Hackers and crackers make use of IM vectors for making phishing attempts, introducing the file attachments laden with virus and poisoned URLs. 
- Two main methods are used by the hackers for delivering the malicious code via instant messaging:
  1. Delivering viruses, spyware or Trojan horses through an infected file.
  2. Using the socially engineered text that has a web address enticing the recipient to go to an URL that in turn connects him/ her to a malicious website.
- The first kind of means i.e., the Trojans, worms and viruses propagate themselves by infecting the whole contact list of the user. 
- An attack done through means of a poisoned URL may infect 1000s of user’s system in a very short duration i.e., just when each of the person in the user’s contact list receives a message that appears to be from a trusted source. 
- Thus, when the recipients click on the web address, the whole cycle repeats. - Such infections might be for some criminal or a nuisance reasons. 
- These attacks are getting more sophisticated with time. 
- The connections in the instant messaging are usually in plain text. 
- This is what that makes them vulnerable to threats such as eavesdropping. 
Also, with instant messaging, the UDP ports are left exposed to the world inviting many potential security vulnerabilities and raising many security issues.

About Inappropriate Use

- All the organizations, be of any type need protection against the liability of the inappropriate use of the IM service by the employees. 
- The nature of the IM, be it immediate, informal or anonymous marks it as an abuse of the workplace. 
- In a number of nations, a legal responsibility has been set up by the corporations in order to make sure that the working environment is free of any harassment for the employees. 
- Instant messaging is now included as an integral part of the policies of the companies regarding the appropriate use of services such as e – mail and world wide web and some other corporate assets.

About Compliance Risks

- Using the IM services at workplace also induces a risk concerning the non – compliance to laws and regulations that govern the use of electric communications. 
- The need for the production of the archived business communications that would satisfy the judicial requests is what to which most of the common regulations is related to. 
- There are a number of IM communications falling under the category of business communications and are retrievable. 

No comments:

Facebook activity