There are a number of risks
and liabilities associated with Instant Messaging. Till today several attempts have
been done in order to create a unified IM standard.
Few have been mentioned
below:
- Session initiation protocol or SIP of IETF.
- SIP for instant messaging and presence
leveraging extensions or SIMPLE.
- APEX or application exchange.
- IMPP or instant messaging and presence
protocol.
- XMPP or open XML – based extensible messaging
and presence protocol.
- Instant messaging and presence service of open
mobile alliance (this one was developed exclusively for the mobiles.)
Although a number of benefits are
given by instant message, there are also many risks and liabilities associated
with it. This happens particularly when one uses IM at his/ her workplace.
Associated risks and liabilities
are:
- Security risks
- Inappropriate use
- Compliance risks
- Trade secret leakage
About Security Risks
- Security
risks involve infecting the systems with viruses, worms, spyware and Trojans
etc.
- Hackers and
crackers make use of IM vectors for making phishing attempts, introducing the
file attachments laden with virus and poisoned URLs.
- Two main methods are used by
the hackers for delivering the malicious code via instant messaging:
- Delivering viruses, spyware
or Trojan horses through an infected file.
- Using the socially
engineered text that has a web address enticing the recipient to go to an
URL that in turn connects him/ her to a malicious website.
- The first kind of means i.e., the
Trojans, worms and viruses propagate themselves by infecting the whole contact
list of the user.
- An attack done through means of a poisoned URL may infect
1000s of user’s system in a very short duration i.e., just when each of the
person in the user’s contact list receives a message that appears to be from a
trusted source.
- Thus, when the recipients click on the web address, the whole
cycle repeats. - Such infections might be for some criminal or a nuisance
reasons.
- These attacks are getting more sophisticated with time.
- The
connections in the instant messaging are usually in plain text.
- This is what
that makes them vulnerable to threats such as eavesdropping.
- Also, with instant
messaging, the UDP ports are left exposed to the world inviting many potential
security vulnerabilities and raising many security issues.
About Inappropriate Use
- All the
organizations, be of any type need protection against the liability of the
inappropriate use of the IM service by the employees.
- The nature of the IM, be
it immediate, informal or anonymous marks it as an abuse of the workplace.
- In a number of nations, a legal responsibility has been set up by the
corporations in order to make sure that the working environment is free of any
harassment for the employees.
- Instant messaging is now included as an integral
part of the policies of the companies regarding the appropriate use of services
such as e – mail and world wide web and some other corporate assets.
About Compliance Risks
- Using the IM
services at workplace also induces a risk concerning the non – compliance to
laws and regulations that govern the use of electric communications.
- The need
for the production of the archived business communications that would satisfy
the judicial requests is what to which most of the common regulations is
related to.
- There are a number of IM communications falling under the category
of business communications and are retrievable.
No comments:
Post a Comment