
Preventing Data Leakage Through Email and Instant Messaging

Incidents continue to accumulate and hit the daily headlines. Many of them involve the loss of sensitive information through some type of messaging activity. The losses can have devastating impacts to business.

The messaging-related incidents are sometimes technology-based, such as social-engineering tactics through instant messaging (IM) communications, sometimes they are premeditated malicious activities, and sometimes they are just plain ol' "OOPS!! What the heck did I just do!!!!???" types of situations.

Oftentimes there are no comprehensive policies and procedures in place to address and try to prevent the most common types of messaging incidents. Many times organizations are not forward-thinking enough to see how new messaging technologies, such as IM, voice over IP (VoIP), and so on, will put them at risk when implemented.

The first concern with a new messaging technology is typically productivity, as expressed in a report from today's Baton Rouge Business Report. This article contains some good information, and certainly productivity needs to be considered, but not to the exclusion of security and privacy. This article does not even address security and privacy issues.

An excerpt from the article implied the need for such discussion.

"Research from the Pew Internet & American Life Project's 2004 study, "How Americans Use Instant Messaging," states about 11 million people use instant messaging at work, with 11% of at-work users insisting they couldn't live without it."

11 million are using IM at work.

At least!

This is significant, and it is scary to think that so many organizations have let this technology into their network without first establishing information security and privacy policies, procedures and related restrictions.

I just posted a new paper about this topic to this site, "Preventing Data Leakage Through Email and Instant Messaging."

I hope you find it helpful in addressing the important issues of messaging security and privacy. If you have additional thoughts or risks I didn't cover within it, please let me know!

Comments

Unfortunately, I don't think that instant messaging security will greatly improve anytime soon. Email has been around (in offices) much longer, and many organizations still aren't using such basic security measures as encryption and email anti-theft.
Working for an email security company, I keep up to date on security breaches that happen due to unsecured outbound emails, and the lack of knowledge and precautions taken by small businesses, government organizations and enterprises alike is just astonishing.

Since organizations are just starting to embrace the new messaging technologies you mentioned (IM, VoIP), it will probably take some time to realize the possible threats... and even longer to act on creating necessary security policies.

Thank you for your comments, Mila.

True; email certainly has been around, and been a threat and vulnerability, for a very long time. Awareness really does need to be raised. It is too bad more attention to this issue is not given within businesses through ongoing awareness and targeted training. Not only would this help businesses, it would also help the personnel when they are doing their own personal email communications in their homes.

I believe the IM and VoIP technologies, and other emerging messaging methods, are going to dramatically impact some organizations negatively as they become victims of the exploits being proliferated through them. Those launching such attacks know that corporations are not prepared and are leaving themselves open to attack. If someone wants to take PII and other business secrets, they will use the path of least resistance, and these new technologies will be very attractive conduits.


Rebecca Herold's Bio:

Rebecca Herold, CISSP, CIPP, CISM, CISA, FLMI, has been providing information security, privacy and regulatory assistance and services to organizations from a wide range of industries for over 18 years. Rebecca was instrumental in building the information security and privacy program while at Principal Financial Group, which was awarded the CSI Information Security Program of the Year Award in 1998. IT Security ranked Rebecca as one of the top 59 IT security influencers, and Computerworld put Rebecca on their list of the 25 top privacy experts and on their list of the 9 best privacy consulting firms. Rebecca has been CPO for two consulting organizations, and has had her own information privacy, security and compliance business since 2004. Rebecca has written chapters for several books, dozens of articles, and has been writing a monthly privacy column for the CSI Alert newsletter since the beginning of 2001, and is working on her 11th book. Some of her other books include The Privacy Papers, Managing an Information Security and Privacy Awareness and Training Program, The Definitive Guide to Security Inside the Perimeter (Realtime Publishers), The Shortcut Guide to Improving IT Service Support through ITIL (Realtime Publishers), and The Practical Guide to HIPAA Privacy and Security Compliance. In addition, Rebecca is the leader of The Realtime IT Compliance Community where she posts to her IT Compliance weblog. You can contact Rebecca at: rebecca_herold@realtimepublishers.net.