Enterprises urged to plug IM security holes

Enterprises urged to plug IM security holes

A quarter of all staff admit to sending sensitive material by IM

One in four employees has used instant messaging to send information about company plans, finances or password/login credentials, security experts have warned.

FaceTime Communications said that enterprises need to wake up to the use of real-time communications in the workplace and ensure that they have the ability to log, archive and retrieve the communications.

A review of thousands of pages of IM conversations in the recent Société Générale trading scandal revealed that the rogue trader may not have acted alone.

The reports note that much of the trading scheme was discussed over instant messaging, as opposed to more traditional email channels. Société Générale's ability to retrieve these messages provided a clear trail for investigators.

"The financial sector has long led the way in the use of technology, and its adoption of instant messaging is no exception," said Nick Sears, EMEA vice president at FaceTime.

"Employees frequently believe that their IM conversations are private, as the Société Générale case shows.

"By and large the employees are correct as many businesses do not even recognise that real-time communications are being used on their systems, let alone monitor it."

FaceTime added that IM is not the only real-time communication tool that organisations should be wary of when it comes to information leakage and employee collusion.

"Even if you ignore the fact that you cannot scan for malware using traditional security tools, encrypted VoIP is still a major headache for companies in terms of data leakage," said Sears.

"It is not just conversations that go unmonitored. Most VoIP clients allow you to exchange files too, allowing confidential documents to slip easily in and out of the organisation before you can say 'regulatory investigation.'"