Using Instant Messaging Safely
Tips for End-users
The following tips are designed for end-users using IM as regular communication tool.
Enable message encryption at your IM software.
Enable two-factor authentication.
Regularly review the security and privacy settings of your IM service.
Before opening a file received via IM, verify with the sender and scan the file with anti-malware software.
Verify all recipient(s) of your message before send.
Keep your IM software (and other system components) up-to-date with the latest patches, enable personal firewall protection, and install anti-malware software with signature up-to-date.
Enable all notifications when incoming messages/calls/files are received to ensure nothing happens in the background without your knowledge.
Verify the identity of the sender and the validity of the request if received a message asking for money transactions or buying virtual point cards or reload cards.
Be cautious when receiving any messages from system support, and remain vigilant at any time.
Avoid sending personal or sensitive information over IM networks. If necessary, encrypt the information during data transmission. If technically feasible, enable message self-deletion as well.
Do not reply to any messages from un-trusted / unknown contacts, in particular those asking for your personal data, password or other verification code.
Do not set your IM client to automatically accept file transfers. If you do, you place yourself at very high risk of automatically accepting malware-infected files unknowingly.
Do not click on URL links from un-trusted / unknown contacts in IM.
Do not reveal personal information at your profile.
Tips for Enterprise Users
If an organisation decides to use an IM system, the following set of security controls should be considered and implemented:
Implement an enterprise IM solution instead of using public IM clients. Organisations should explore the possibility of deploying their own enterprise IM architecture within the network environment, and integrate their IM system with the existing authentication mechanisms.
Develop an IM usage policy and clearly disseminate to all IM users. The IM usage policy should be technology and product neutral.
Implement IM hygiene solutions which are a collection of services that allow organisations to enforce IM usage policies by monitoring usage, managing IM traffic and filtering content to block unwanted messages, malware and offensive material, as well as logging all IM messages for audit purposes.
Ensure all external IM traffic goes through a secure gateway.