http://www.vnunet.com/vnunet/news/2212630/enterprises-urged-plug-im
By Clement James
vnunet.com
25 March 2008
One in four employees has used instant messaging to send information
about company plans, finances or password/login credentials, security
experts have warned.
FaceTime Communications said that enterprises need to wake up to the use
of real-time communications in the workplace and ensure that they have
the ability to log, archive and retrieve the communications.
A review of thousands of pages of IM conversations in the recent Socit
Gnrale trading scandal revealed that the rogue trader may not have acted
alone.
The reports note that much of the trading scheme was discussed over
instant messaging, as opposed to more traditional email channels. Socit
Gnrale's ability to retrieve these messages provided a clear trail for
investigators.
"The financial sector has long led the way in the use of technology, and
its adoption of instant messaging is no exception," said Nick Sears,
EMEA vice president at FaceTime.
"Employees frequently believe that their IM conversations are private,
as the Socit Gnrale case shows.
"By and large the employees are correct as many businesses do not even
recognise that real-time communications are being used on their systems,
let alone monitor it."
FaceTime added that IM is not the only real-time communication tool that
organisations should be wary of when it comes to information leakage and
employee collusion.
"Even if you ignore the fact that you cannot scan for malware using
traditional security tools, encrypted VoIP is still a major headache for
companies in terms of data leakage," said Sears.
"It is not just conversations that go unmonitored. Most VoIP clients
allow you to exchange files too, allowing confidential documents to slip
easily in and out of the organisation before you can say 'regulatory
investigation.'"
___________________________________________________
Subscribe to InfoSec News
http://www.infosecnews.org/mailman/listinfo/isn
Comments