Using Instant Messaging Safely
Instant Messaging (IM) is a form of electronic
communication enabling ad hoc collaboration through
sending and receiving messages almost instantaneously
across a network connection. This can be via mobile
communication devices or via Internet connected
computers. Since the introduction of popular messaging
tools such as SMS, WhatsApp, WeChat, LINE, Skype and Facebook Messenger, more and
more people are enjoying the convenience and ease
provided by real-time messaging in their daily
IM is not only popular with home users, but it is also
increasingly common in the workplace. IM has found
a place in business, for services such as communicating
with customers and partners, offering customer
support, receiving real-time alerts, as well as
management and project coordination.
Though IM is an effective and easy means of network-based
communication, it presents a number of security
risks if proper security measures are not enforced.
Public IM is rapidly becoming an alternative channel
for social media fraud, as well as for spreading malware or sending out deceptive messages.
Tips for End-users
The following tips are designed for end-users
using IM as a regular communication tool.
Enable message encryption in your IM software.
Regularly review the security and privacy settings of your IM service.
Before opening a file received via IM, verify with the sender and scan the file with anti-malware software.
Verify all recipient(s) of your message before sending.
Keep your IM software (and other system components) up-to-date with the latest patches, enable personal firewall protection, and install anti-malware software with
Enable all notifications when incoming messages/calls/files are received to ensure nothing happens in the background without your knowledge.
Verify the identity of the sender and the validity of the request if you receive a message asking for money transactions or the purchase of virtual point cards or reload cards.
Be cautious when receiving any messages from system support, and remain vigilant at all times.
Avoid sending personal or sensitive information over IM networks. If necessary, encrypt the information during data transmission. If technically feasible, enable message self-deletion as well.
Do not reply to any messages from untrusted / unknown contacts, in particular those asking for your personal data, passwords or other verification codes.
Do not set your IM client to automatically accept file transfers. If you do, you place yourself at very high risk of automatically accepting virus-infected
Do not click on URL links from untrusted / unknown contacts in IM.
Do not reveal personal information in your profile.
Tips for Enterprise Users
If an organisation decides to use an IM system,
the following set of security controls should
be considered and implemented:
Implement an enterprise IM solution instead of using public IM clients. Organisations should explore the possibility of deploying their own enterprise IM architecture within the network environment, and integrate their IM system with the existing authentication
Develop an IM usage policy and disseminate it clearly to all IM users. The IM usage policy should be technology and product neutral.
Implement IM hygiene solutions, which are a collection of services that allow organisations to enforce IM usage policies by monitoring usage, managing IM traffic and filtering content to block unwanted messages, malware and offensive material, as well as logging all IM messages for audit purposes.
Ensure all external IM traffic goes through a secure gateway.