Mitigate IM Security Threats

Follow these steps for protecting IM as a business tool.

Instant messaging has become a common means of communicating in the business world. Once limited to desktops, IM is now available via handheld devices and cell phones, allowing users to chat from virtually anywhere.

However, like any form of communication through the internet, IM is accompanied by its own set of security risks. Whether deployed by users at their place of business or on their home computers, IM is generally unprotected and unmonitored, leaving it vulnerable to attacks. One infected computer can result in messages being sent to all users in an IM contact list on that machine.

Furthermore, popular IM protocols are increasingly becoming interoperable. While this allows users from one network to communicate with users from another network without having to install multiple IM clients, it may also encourage attackers to concentrate their efforts on these protocols that represent a larger group of users. In such a scenario, any malicious code that propagates through one of the protocols could likely propagate through the other.

Some of the most common threats to IM include:

  • Spim
    Spim is the spam of the IM world. Spimmers pose as IM users and send messages to randomly generated screen names and to names illegally collected from the internet through automated programs. Spim isn't only annoying to deal with, but it also can be used as a conduit for security breaches.
  • Trojan horses
    A number of Trojan horses target IM. Some of these Trojans pose a large threat, allowing anyone full file access to a computer. Others are classic backdoor Trojans that use IM to send messages to the author of the Trojan, giving the hacker information about the infected computer, from IP address to open ports.
  • Worms
    Just as e-mail messages are used to spread worms, so is IM. As a result, users shouldn't accept, click on or launch suspicious instant messages.

A few of the proactive steps that small businesses can take to secure their IM environments include:

  • Educate employees and create corporate policies.
    An important first step in IM security is to learn about safe practices and how to incorporate them into company policy. To protect your business and your employees, you should define appropriate uses of IM in the workplace and encourage precautionary measures, such as not storing IM passwords on the computer, never accepting messages from unknown sources, exercising caution when opening files or links, and not accepting file transfers.
  • Install desktop security software.
    Since spim typically requires users to download and open an attachment, security at the desktop level can guard against threats by blocking an attachment or cleaning an infected file. Install desktop firewalls to help protect individual machines from attacks from within an organization or through a local area network. Desktop firewalls are also good for those in a remote office or who handle sensitive data. You should also install desktop antivirus programs to provide a final line of defense against viruses, worms and Trojan horses.
  • Install and update patches.
    The major public IM networks frequently deploy IM patches in response to newly discovered vulnerabilities in their programs. You can help reduce the risk of attacks to your organization's computers by installing and updating IM patches regularly.
  • Secure IM logs.
    Many IM programs automatically create and store logs of all conversations on a user's computer. Hackers can gain valuable information from these logs, including specific statements made during a conversation, as well as business secrets discussed. To safeguard the content of IM conversations, consider either storing them behind a company firewall or deleting the logs. Most public IM programs have a deletion option in their preferences section or in the log manager section.
  • Encrypt messages.
    While the preceding recommendations will help you and your employees use public IM networks securely, companies that use IM for business communications should also consider using their own IM servers together with encryption.

By educating employees, enforcing policies, installing protective technologies and, where possible, encrypting IM conversations, you can continue to enjoy the benefits of using IM as a business tool while also mitigating its risks.

Mark Pieningis senior director of worldwide small- to medium-sized (SMB) marketing for Symantec Corporation, which offers a host of security and availability products, as well as information on the latest security threats at He can be reached at

Related Topics

Editor's Pick

Everyone Wants to Get Close to Their Favorite Artist. Here's the Technology Making It a Reality — But Better.
The Highest-Paid, Highest-Profile People in Every Field Know This Communication Strategy
After Early Rejection From Publishers, This Author Self-Published Her Book and Sold More Than 500,000 Copies. Here's How She Did It.
Having Trouble Speaking Up in Meetings? Try This Strategy.
He Names Brands for Amazon, Meta and Forever 21, and Says This Is the Big Blank Space in the Naming Game
Thought Leaders

The Collapse of Credit Suisse: A Cautionary Tale of Resistance to Hybrid Work

This cautionary tale serves as a reminder for business leaders to adapt to the changing world of work and prioritize their workforce's needs and preferences.

Money & Finance

7 Tips for Raising Money-Smart Kids

How to set your children up for success and ensure they have the skills they need to thrive in an increasingly complex financial world.


How to Detect a Liar in Seconds Using Nonverbal Communication

There are many ways to understand if someone is not honest with you. The following signs do not even require words and are all nonverbal queues.

Starting a Business

Ask Marc | Free Business Advice Session with the Co-Founder of Netflix

Get free business advice during our next Ask Marc, live Q&A, on 3/28/23 at 3 p.m. EDT. You don't want to miss it—send in your questions now.

Starting a Business

The Pros and Cons of Starting a Business vs. Innovating Within a Company

This article compares entrepreneurship and intrapreneurship and highlights pros/cons and success stories.