ZDNet UK


Skip to Main Content

ZDNet.co.uk - Winner of Best Business Website 2007
  1. Home
  2. News
  3. Blogs
  4. Reviews
  5. Jobs
  6. Resources
  7. Community
  8. My ZDNet

 

ZDNet UK RSS Feeds


Online business Toolkit

Instant messaging could land bosses in jail

Dan Ilet ZDNet.co.uk

Published: 15 Oct 2004 13:55 BST

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

UK companies are fretting that employees using IM applications could be breaking compliance laws.

Lawyers said this week that more companies are consulting them over the use of IM because they are unsure of its legal implications.

"People are coming to us worried about it," said Mark Smith, a solicitor for Olswang. "There are two problems -- unauthorised use of IM, and from a legal perspective all the [compliance] issues that apply to email apply to IM too."

Many companies use IM in the belief that it is exempt from compliance laws, such as Sarbanes-Oxley and Basel II. These regulations demand that companies store all their data for at least seven years. If companies fail to deliver on the regulations, chief executive officers and chief financial officers could be liable to go to jail.

"A lot of employees use it [IM] as a way of communicating without using the content filters," said Smith. "Because IM is more informal than email, people say things on it they sometimes shouldn't. Where corporations use it, if they don't have the correct system implemented, there are loads of issues with monitoring and retention of data."

Smith added that security testers have discovered hundreds of unauthorised IM clients running on some corporate networks.

IM runs over port 80, the default channel for Web traffic. This often regarded as a trusted port and left open to allow users to surf.

"People use IM as a way of getting stuff in and out of the business, bypassing the security infrastructure," said Jason Hart, security director for Whitehat UK. "It's easy to run it without anyone knowing about it and people often use it as a way of getting around compliance laws."

Hart said that 40 percent of firms have banned the use of IM. "But that doesn't guarantee that people won't use it. It causes time-wasting viruses, possible use of spyware and cannot be detected by most firewalls."

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

Did you find this article useful?
104 out of 180 people found this useful


Talkback

Post a comment


Full Talkback thread

1 comment

  1. What a strangely paranoid perspective on such an i... Dennis B. Smith

Related Links

More In Online business



Company/Topic Alerts

Create a new alert from the list below:




Related Jobs

Principle Regulatory Affairs Executive - 50K - London

Clinical Research Associate (CRA) (CRA II) German Speaking Based in Sc

EXPERIENCED CLINICAL RESEARCH ASSOCIATE (CRA) HOMEBASED NORTH ENGLAND

Sentry Posts Blog

Nasa and the virus

Yesterday the BBC ran a story about a computer virus making it into orbit, which I read with incredulity. OK, it's a nice silly season story on the surface, but what really got me was... More

3 comments

Customer data found on eBay server hig...

The recent news about customer details being retrieved from a server sold on eBay is yet another story about the sorry state of information security in the electronic age (see: http://news.zdnet.co.uk/...m).... More

Post a comment

Does it matter if you are an aardvark...

In spam terms, apparently it does. According to Cambridge University security expert Richard Clayton, if your email address is aardvark at animal.net, you are more likely to receive... More

5 comments