Instant messaging – see no evil, hear no evil
FaceTime Communications warns that with one in four employees admitting to sending information about company plans, finances or password/login credentials via instant messaging, organisations need to wake up to the use of real-time communications within the workplace and ensure that they have the ability log, archive and retrieve them.
In the recent case of Société Générale, press reports show that the review of thousands of pages of instant message conversations revealed that the rogue trader may not have acted alone, alleviating concerns that bank managers had knowledge of the trader’s activities. The reports note that much of the trading scheme was discussed over instant messaging, as opposed to more traditional e-mail channels. Société Générale’s ability to retrieve these instant messages provided a clear trail for investigators.
“The financial sector has long led the way in the use of technology and its adoption of instant messaging is no exception,” says Nick Sears, VP EMEA, FaceTime Communications. “Employees frequently believe that their IM conversations are private, as the Société Générale case shows. By and large the employees are correct; many businesses don’t even recognise that real-time communications are being used on their systems, let alone monitor it.”
According to FaceTime, instant messaging is not the only real-time communication tool that organisations should be wary of when it comes to information leakage and employees colluding. A recent survey by CIO put VoIP clients last in “Nine consumer technologies CIOs fear”, with just one percent of respondents placing it as their number one threat. The survey points out that the issue of eavesdropping has been overcome with the addition of encryption, but FaceTime cites that this just makes the product more dangerous.
“Even if you ignore the fact that you can’t scan for malware using traditional security tools, encrypted VoIP is still a major headache for companies in terms of data leakage,” continues Sears. “It’s not just conversations that go unmonitored, most VoIP clients allow you to exchange files too, allowing confidential documents to slip easily, in and out of the organisation before you can say “regulatory investigation’.”