Issues in Compliance for Instant Messaging

Compliance is always a large concern, especially with attacks and data breaches increasing. It is important to understand the industry and regulatory requirements that need to be enforced within your corporation and security environment. One area that experts are beginning to see as an issue is instant messaging (IM). This is a communication method that is hard to regulate and record, which could pose problems for industries with strict compliance standards.

In a recent article, “Instant Messaging and Compliance Issues: What You need To Know”, Dmitry Shapiro, CTO at Akonix Systems, Inc., discusses the issues that are becoming ever present with IM. The main issue is the sheer volume of users on these IM systems, totaling in the hundreds of millions. On top of that come the systems IT managers are most afraid of: the public IM services, such as AOL Instant Messenger and Yahoo Messenger.

Although IM is a functional tool for communication, there are key areas of concern for compliance:

– Record Retention
– Information Security
– Theft
– Copyright Infringement

These issues keep growing with the number of users and the amount of information on these systems. With the public IM services, the control a manager would have over an internal system is taken away. Tasks such as auditing, logging, and deleting records all become problems when the manager cannot oversee the whole system and the web of IMs being created.

Without compliance and monitoring, the one thing that is apparent is that risk will increase. Shapiro says that the main issues to watch for are:

– Organization of records
– Retention of records
– Tamper-proof records
– Record retrieval
– Off-site copies

And many more…

With acts such as the Sarbanes-Oxley Act, HIPAA, and GLBA, the ability to control, monitor, protect, and delete records is essential. These regulations are going to require IT managers to remain compliant and come up with ways to monitor their users' IM behavior. If this is not done, IMs will be a strong source of theft and cybercrime.

Common Password Attacks: Do You Know How They'll Steal Your Password?

Just like we have multiple ways to secure our passwords, hackers have multiple ways to steal them right out from underneath us. Passwords are so valuable to us that some can hardly imagine letting one slip into the wrong hands. So the main question is: how do you protect yourself?

The key is being aware of what types of attacks are able to steal your password, and understanding what precautions to take. A recent InfoWorld article, “Prepare for the Next Password Attack”, lists the most popular attacks, so that awareness is possible.

Authentication Bypassing – just like it sounds, it bypasses password security
Password Guessing – hackers attempt to guess credentials by testing tons of passwords until the correct one is guessed. This is usually automated.
Password Sniffing – picks up plain text passwords over a network
Keystroke Logging – records what users physically type in when logging on by recording keystrokes
Hash Cracking – uses bypassing to get into an authentication database and steal the stored credentials
Credential Replaying – replay a stolen password over a network
Social Engineering – this includes over the phone, in person, and other alternative ways besides technology that someone can steal your password

This article does a great job of outlining the common attacks on passwords. With all of this attack talk, it is almost frightening to have passwords at all. Putting up defenses and, as said before, being aware of the attacks is the best way to prevent them. By enforcing strong authentication mechanisms and password policies, it is possible to never experience an attack. Just remember: knowledge is power.
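Password guessing, as described in the list above, is automated and therefore leaves a burst of failed logins from one source. The following is an added example, not taken from the InfoWorld article or this post: a sliding-window detector run over constructed log lines, where the log format, the thresholds and the name `detect_guessing` are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log; the "time result user source" format is an assumption.
SAMPLE_LOG = """\
2024-01-01T09:00:00 FAIL bob 198.51.100.4
2024-01-01T09:00:20 OK bob 198.51.100.4
2024-01-01T09:01:00 FAIL alice 203.0.113.7
2024-01-01T09:01:02 FAIL alice 203.0.113.7
2024-01-01T09:01:04 FAIL alice 203.0.113.7
2024-01-01T09:01:06 FAIL alice 203.0.113.7
2024-01-01T09:01:08 FAIL alice 203.0.113.7
2024-01-01T09:01:10 FAIL alice 203.0.113.7
2024-01-01T09:01:12 OK alice 203.0.113.7
2024-01-01T09:30:00 FAIL carol 198.51.100.4
"""


def detect_guessing(log_text, max_failures=5, window=timedelta(seconds=60)):
    """Flag sources with >= max_failures failed logins inside a sliding window.

    Returns {source: {"failures": peak count, "users": targeted accounts,
    "success_after": accounts that logged in from the source after the alert}}.
    """
    recent = defaultdict(deque)  # source -> (time, user) of recent failures
    alerts = {}
    for line in log_text.strip().splitlines():
        stamp, result, user, source = line.split()
        when = datetime.fromisoformat(stamp)
        failures = recent[source]
        # Drop failures that have aged out of the window.
        while failures and when - failures[0][0] > window:
            failures.popleft()
        if result == "FAIL":
            failures.append((when, user))
            if len(failures) >= max_failures:
                alert = alerts.setdefault(
                    source, {"failures": 0, "users": set(), "success_after": []})
                alert["failures"] = max(alert["failures"], len(failures))
                alert["users"].update(u for _, u in failures)
        elif result == "OK" and source in alerts:
            # A success from an already-flagged source may be a guessed password.
            alerts[source]["success_after"].append(user)
    return alerts


if __name__ == "__main__":
    for source, alert in detect_guessing(SAMPLE_LOG).items():
        print(source, alert)
```

The single mistyped password from 198.51.100.4 stays below the threshold, while the burst from 203.0.113.7 is flagged along with the successful login that follows it.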