IM and VoIP Still Not On Security Radar

December 12th, 2006: Symantec is warning businesses of the risks associated with instant messaging (IM) and VoIP after a recent UK survey found that over half of the respondents had no policies in place to manage the use of these new communication technologies.

Conducted among 256 IT directors and other employees, the survey found that 54 percent had no email, VoIP and IM management policies in place and while only 6 percent admitted to security breeches via these services, 23 percent of employees said that they had been exposed to a threat, or knew of a similar incident occurring inside the company.

Email has been around for a long time now, however, recent surges in communication technology has left some business lagging behind in terms of security policies. 46 percent of those surveyed said their company had a strict email policy, but only 26 percent could say that a similar IM and VoIP policy was in place.

By using IM and VoIP, companies have to “ensure that they now employ the correct security policies and procedures to prevent possible attacks,” Fredrik Sjostedt, Symantec's Enterprise Messaging Management product manager told itpro.co.uk. “We encountered a similar situation when email first became recognised as a critical business tool and have grown to understand more about how it needs to be managed.

“If we are to avoid making the same mistakes, businesses must act now to secure all communications technologies, or the potential risks and implications could be huge.”

The survey also found that 26 percent of UK companies are now using IM or VoIP as part of their everyday business processes. Without management policies in place these services can increase a range of business risks, from data security weaknesses to holes in compliance.

Comment on this story