Instant Messaging or Instant Compromise?
Instant Messaging (IM) is an increasingly popular form of electronic communication that enables users to exchange text-based messages and files over the Internet in real-time. Similar to telephone communication except via computer, IM applications allow users to maintain a contact or “buddy” list of other users; alert users when anyone on their list is “online”; and create semi-private sessions where users can exchange messages and data with each other in real-time. Popular IM providers include AOL, MSN, Yahoo and ICQ.
IM is not secure and should not be used to communicate any confidential or sensitive information.
IM providers maintain and control user messages, logs and connection information on their servers. Although providers offer some degree of encryption, there have been instances of IM user logs being captured and used for unethical or criminal purposes.
IM is subject to “eavesdropping” and hackers can use IM as an entry point to compromise data residing on a computer. IM also serves as an entry point for viruses, worms, Trojans and other forms of malware.
Do not use IM to communicate any protected health information (PHI). In addition, IM applications should not be installed on any computer that contains or accesses systems containing Electronic Protected Health Information (EPHI). For further information, please visit http://www.symantec.com/connect/articles/instant-insecurity-security-issues-instant-messaging.
Posted January 17, 2005