Accessibility Links

Accessibility Links

Infosec
English 繁體版 简体版

Navigation Menu 1

General UsersYoungsters & StudentsParents and TeachersIT ProfessionalsSME
FAQ Search :
Change text size: Text Size: Default Size (A) Text Size: Larger (A) Text Size: Largest (A)
general user youngsters and students parents and teachers IT professionals sme

Navigation Menu 2

 

  

 
 

Using Instant Messaging Safely

Instant Messaging (IM) is a form of electronic communication enabling ad hoc collaboration through sending and receiving messages almost instantaneously across a network connection. This can be via mobile communication devices or via Internet connected computers. Since the introduction of popular messaging tools such as SMS, WhatsApp, WeChat, LINE, Skype and Facebook Messenger, more and more people are enjoying the convenience and ease provided by real-time messaging in their daily life.

IM is not only popular with home users, but it is also increasingly common in the workplace. IM has found a place in business, for services such as communicating with customers and partners, offering customer support, receiving real-time alerts, as well as management and project coordination.

Though IM is an effective and easy means of network-based communication, it presents a number of security risks if proper security measures are not enforced. Public IM is rapidly becoming an alternative channel for social media fraud, as well as spreading malware or sending out deceptive messages.

Tips for End-users

The following tips are designed for end-users using IM as regular communication tool.

DO'S
  • Enable message encryption at your IM software.

  • Regularly review the security and privacy settings of your IM service.

  • Before opening a file received via IM, verify with the sender and scan the file with anti-malware software.

  • Verify all recipient(s) of your message before send.

  • Keep your IM software (and other system components) up-to-date with the latest patches, enable personal firewall protection, and install anti-malware software with signature up-to-date.

  • Enable all notifications when incoming messages/calls/files are received to ensure nothing happens in the background without your knowledge.

  • Verify the identity of the sender and the validity of the request if received a message asking for money transactions or buying virtual point cards or reload cards.

  • Be cautious when receiving any messages from system support, and remain vigilant at any time.

  • Avoid sending personal or sensitive information over IM networks. If necessary, encrypt the information during data transmission. If technically feasible, enable message self-deletion as well.

DON'TS
  • Do not reply to any messages from un-trusted / unknown contacts, in particular those asking for your personal data, password or other verification code.

  • Do not set your IM client to automatically accept file transfers. If you do, you place yourself at very high risk of automatically accepting virus-infected files unknowingly.

  • Do not click on URL links from un-trusted / unknown contacts in IM.

  • Do not reveal personal information at your profile.

Tips for Enterprise Users

If an organisation decides to use an IM system, the following set of security controls should be considered and implemented:

  • Implement an enterprise IM solution instead of using public IM clients. Organisations should explore the possibility of deploying their own enterprise IM architecture within the network environment, and integrate their IM system with the existing authentication mechanisms.

  • Develop an IM usage policy and clearly disseminate to all IM users. The IM usage policy should be technology and product neutral.

  • Implement IM hygiene solutions which are a collection of services that allow organisations to enforce IM usage policies by monitoring usage, managing IM traffic and filtering content to block unwanted messages, malware and offensive material, as well as logging all IM messages for audit purposes.

  • Ensure all external IM traffic goes through a secure gateway.

 
 
     
Back back to topTop
 

Footer Menu

Sitemap | Contact Us | Privacy Policy | Important Notices
 
General Users Youngsters & Students Parents & Teachers IT Professionals SME