Three quarters of UK businesses that allow instant messaging do not consider the need to manage its use, despite the security risks.
Instant messaging is increasingly used as a channel to distribute spyware, and can also be used to release confidential company information, often without detection.
A survey of more than 200 UK business and public sector organisations found that 57% had banned the use of instant messaging, but of those that allowed it, only a quarter managed its use.
Of the organisations that had banned the technology, seven out of 10 used methods to enforce the ban that were obsolete, easy to circumvent or ignore, the research carried out by security firms Peapod and FaceTime Communications found.
Most respondents from organisations that banned instant messaging said they used port blocking techniques – but many messaging applications are port evasive, often even tunnelling through HTTP to find an alternative route if the default one is blocked.
Peapod managing director Chris Durna said: “Technology is not the only answer when viewed in isolation. It is also down to the user to play a key role in ensuring that spyware doesn’t get a foothold in the infrastructure.
“In the case of instant messaging this is a particularly relevant point. IM is a communications tool with some pretty emphatic benefits for those who use it correctly, but carries a nasty sting for anyone careless or ignorant.”
Sarah Carter, EMEA strategic partner manager at FaceTime Communications added: “It’s worrying to think that with all the focus on archiving email records, the same does not apply to instant messaging.”
The survey also revealed that 73% of businesses had suffered a spyware invasion in 2006. But of these, less than a fifth were able to identify the source.