So serious, in fact, that several providers of instant messaging freeware available on the Internet warn of the security risks and advise strongly against using their products for sensitive communications. Their instant messaging systems are hosted -- i.e., based -- on computers that are external to your organization's network, and they provide insecure communications connections that should not be used by your organization.
Inform members of your organization that externally hosted instant messaging is not permitted on your network and that instant messaging freeware may not be installed on your organization's computers.
To understand more about the instant mess caused by externally hosted messaging, see the risks outlined below.
Eight Risks of Externally Hosted Instant Messaging
Weakened security settings: During installation, instant messaging software may change browser security settings, placing the computer at risk.
Readability by intruders: Instant messaging sessions are conducted in plain, unencrypted text, and are an open book to a reasonably skilled intruder.
Intrusion on privacy: By design, instant messaging software runs continuously as a background task and broadcasts the computer's presence online even if the interface is closed. (A separate exit action is needed to stop it.) In addition, instant messaging software may store the content of an instant messaging session in a log file that could be read by others.
Hijacking and impersonation: Instant messaging accounts are vulnerable to hijacking or spoofing, allowing an intruder to impersonate someone in conversations with others.
Malicious code: Instant messaging establishes an open communications channel to the computer that can be exploited by malicious code such as worms, viruses, and Trojan horses.
Unauthorized access: Instant messaging users can potentially access each other's hard drives and files during a session, placing the computer at the disposal of would-be hackers.
Poor password security: Instant messaging software typically stores passwords in a manner that is highly vulnerable to hackers.
No virus protection: Instant messaging sessions are not virus protected and can freely spread virus-ridden files.