Large businesses can’t run without electronic communications anymore. Despite the fact that e-mail, as a staple of corporate communication, is often undersecured, many businesses have begun adopting newer methods of exchange that speed the decision-making process even further, often without much thought about the security ramifications. In fact, many businesses are using these products without even knowing it.
E-mail has been a popular outlet for online mischief-makers. In fact, most organizations have experienced the most common e-mail threats—viruses, worms and malicious content. Denial-of-service attacks, pharming, phishing and directory harvest attacks can also jeopardize your network or your business. Even pictures within e-mail messages, also known as Web beacons, can have harmful code embedded in them and can secretly send messages back to the sender, providing spammers with information regarding active e-mail addresses. The hijacking of e-mail for malicious use isn’t likely to slow.
In the future, according to Joel Smith, CTO of AppRiver, a provider of e-mail security solutions, “Online scammers will continue their use of malicious code to take advantage of application and operating system vulnerabilities to build larger networks of compromised PCs. ISPs will respond by locking down their outbound SMTP traffic to offer greater protection. Scammers then will design worms and viruses that hack e-mail passwords on infected systems to send their e-mail using authenticated accounts. Compromised machines will also begin to use these password-hacking techniques to gain entry to other critical resources for identity theft and also to hack into secure facilities.”
In addition to commonly recognized e-mail attacks, spam presents its own kind of threat to the business: a financial one. Spam, or “dark traffic,” a term coined by Tumbleweed to refer to e-mail that is not legitimate business communication, accounts for a large proportion of e-mail sent. Dark traffic results in over-resourcing the e-mail infrastructure to handle traffic that doesn’t belong on the network, and this can be very costly.
Companies spend plenty of money each year on basic e-mail security, but few implement advanced security features like image analysis and outbound e-mail content filtering. Additionally, because of high labor expenditures, organizations frequently fail to employ and deploy necessary manpower to address e-mail security.
IM: Business Tool or Time Waster?
Corporations also have to deal with “greynet,” a term coined by FaceTime Communications to describe network-enabled applications that are installed on a corporate user’s system without permission from IT and that avoid detection and blocking. Described as fertile ground for hackers, instant messaging has in the past fallen into the greynet category, though some businesses have begun sanctioning its use.
IM lets geographically dispersed individuals exchange data instantly. It initially gained popularity among home users because it allowed casual, interactive conversations with friends, which in many cases could significantly lower phone bills. Because IM programs, such as MSN Messenger from Microsoft, AIM from AOL, and Yahoo! Messenger, are free for download, IM users would often load them onto their PDAs and computers at work as well. Some used IM for strictly personal communications, and some realized its real-time application qualified it as a useful business tool. Still, most employees used IM at work without making their supervisors aware of it.
In the face of this onslaught of unauthorized use, different businesses have taken different routes. Some ignore the problem entirely. Some attempt to block IM usage by identifying and blocking the ports used by IM applications and protocols. If done correctly, this is quite effective, but it can also be expensive.
Other businesses have said, If you can’t beat them, join them. They have begun using IM—or allowing IM use—as a legitimate work tool. After all, it lets employees, clients and businesses communicate more quickly, which should increase efficiency if employed correctly. The problem with IM’s increasing popularity in business is that its security is not as well developed as that of e-mail, and some businesses aren’t even aware of the security threats it poses.