[ISN] Enterprises urged to plug IM security holes

From: InfoSec News (alerts@private)
Date: Tue Mar 25 2008 - 22:02:42 PST


http://www.vnunet.com/vnunet/news/2212630/enterprises-urged-plug-im

By Clement James
vnunet.com
25 March 2008

One in four employees has used instant messaging to send information 
about company plans, finances or password/login credentials, security 
experts have warned.

FaceTime Communications said that enterprises need to wake up to the use 
of real-time communications in the workplace and ensure that they have 
the ability to log, archive and retrieve the communications.

A review of thousands of pages of IM conversations in the recent Société 
Générale trading scandal revealed that the rogue trader may not have acted 
alone.

The reports note that much of the trading scheme was discussed over 
instant messaging, as opposed to more traditional email channels. Société 
Générale's ability to retrieve these messages provided a clear trail for 
investigators.

"The financial sector has long led the way in the use of technology, and 
its adoption of instant messaging is no exception," said Nick Sears, 
EMEA vice president at FaceTime.

"Employees frequently believe that their IM conversations are private, 
as the Société Générale case shows.

"By and large the employees are correct as many businesses do not even 
recognise that real-time communications are being used on their systems, 
let alone monitor it."

FaceTime added that IM is not the only real-time communication tool that 
organisations should be wary of when it comes to information leakage and 
employee collusion.

"Even if you ignore the fact that you cannot scan for malware using 
traditional security tools, encrypted VoIP is still a major headache for 
companies in terms of data leakage," said Sears.

"It is not just conversations that go unmonitored. Most VoIP clients 
allow you to exchange files too, allowing confidential documents to slip 
easily in and out of the organisation before you can say 'regulatory 
investigation.'"

