Mitigate IM Security Threats Follow these steps for protecting IM as a business tool.

Instant messaging has become a common means of communicating in the business world. Once limited to desktops, IM is now available via handheld devices and cell phones, allowing users to chat from virtually anywhere.

However, like any form of communication through the internet, IM is accompanied by its own set of security risks. Whether deployed by users at their place of business or on their home computers, IM is generally unprotected and unmonitored, leaving it vulnerable to attacks. One infected computer can result in messages being sent to all users in an IM contact list on that machine.

Furthermore, popular IM protocols are increasingly becoming interoperable. While this allows users from one network to communicate with users from another network without having to install multiple IM clients, it may also encourage attackers to concentrate their efforts on these protocols that represent a larger group of users. In such a scenario, any malicious code that propagates through one of the protocols could likely propagate through the other.

Some of the most common threats to IM include:

  • Spim
    Spim is the spam of the IM world. Spimmers pose as IM users and send messages to randomly generated screen names and to names illegally collected from the internet through automated programs. Spim isn't only annoying to deal with, but it also can be used as a conduit for security breaches.
  • Trojan horses
    A number of Trojan horses target IM. Some of these Trojans pose a large threat, allowing anyone full file access to a computer. Others are classic backdoor Trojans that use IM to send messages to the author of the Trojan, giving the hacker information about the infected computer, from IP address to open ports.
  • Worms
    Just as e-mail messages are used to spread worms, so is IM. As a result, users shouldn't accept, click on or launch suspicious instant messages.

A few of the proactive steps that small businesses can take to secure their IM environments include:

  • Educate employees and create corporate policies.
    An important first step in IM security is to learn about safe practices and how to incorporate them into company policy. To protect your business and your employees, you should define appropriate uses of IM in the workplace and encourage precautionary measures, such as not storing IM passwords on the computer, never accepting messages from unknown sources, exercising caution when opening files or links, and not accepting file transfers.
  • Install desktop security software.
    Since spim typically requires users to download and open an attachment, security at the desktop level can guard against threats by blocking an attachment or cleaning an infected file. Install desktop firewalls to help protect individual machines from attacks from within an organization or through a local area network. Desktop firewalls are also good for those in a remote office or who handle sensitive data. You should also install desktop antivirus programs to provide a final line of defense against viruses, worms and Trojan horses.
  • Install and update patches.
    The major public IM networks frequently deploy IM patches in response to newly discovered vulnerabilities in their programs. You can help reduce the risk of attacks to your organization's computers by installing and updating IM patches regularly.
  • Secure IM logs.
    Many IM programs automatically create and store logs of all conversations on a user's computer. Hackers can gain valuable information from these logs, including specific statements made during a conversation, as well as business secrets discussed. To safeguard the content of IM conversations, consider either storing them behind a company firewall or deleting the logs. Most public IM programs have a deletion option in their preferences section or in the log manager section.
  • Encrypt messages.
    While the preceding recommendations will help you and your employees use public IM networks securely, companies that use IM for business communications should also consider using their own IM servers together with encryption.

By educating employees, enforcing policies, installing protective technologies and, where possible, encrypting IM conversations, you can continue to enjoy the benefits of using IM as a business tool while also mitigating its risks.

Mark Pieningis senior director of worldwide small- to medium-sized (SMB) marketing for Symantec Corporation, which offers a host of security and availability products, as well as information on the latest security threats at www.symantec.com. He can be reached at mark_piening@symantec.com.

Want to be an Entrepreneur Leadership Network contributor? Apply now to join.

Business News

Investment Firm CEO Tells Thousands in Conference Audience That 60% of Them Will Be 'Looking for Work' Next Year

There were over 5,500 people at SuperReturn International 2025, making it the largest private equity event in the world.

Side Hustle

After a 12-Year-Old's Side Hustle Made Over $4,000 in 1 Day, He and His Dad Grew the Business to Nearly $50,000 a Month: 'It Takes Commitment'

Madden Forrest and his father, Steven, turned their passion for football into a lucrative business.

Business Ideas

70 Small Business Ideas to Start in 2025

We put together a list of the best, most profitable small business ideas for entrepreneurs to pursue in 2025.

Business News

Here Are the 10 Highest-Paying Jobs For New Graduates With a Bachelor's Degree — and They All Start at Six Figures

According to a new report from Resume Genius, finding a high-paying job as a new grad is possible, even in this market.

Business Solutions

Discover How AI Can Transform the Way You Work With This $20 E-Degree

Learn how to make AI work for you with the ChatGPT and Automation E-Degree, now for just $20.

Business News

Is AI the Reason for Your Layoff? New York Becomes the First State to Require Companies to Disclose If So.

It's the first official statewide move towards understanding AI's effect on the labor market.