« Three sites worth your time | Main | Infotubeys »

April 25, 2007

Instant messaging and security: how to talk to IT

Instant messaging (IM) is one of the most popular ways for people of all ages to stay in touch online. For many teens, it is the primary mode of communication. Libraries have been in the IM game for several years now as a way for users to contact staff for anything from a reference question to circulation help. Even though IM is over a decade old now, I’m sad to report that many library staff come to me after my talks or by e-mail or IM, saying “We want to do IM, but IT won’t let us.”

Just as with any other technology, there are security issues with instant messaging. The issues are not that different from those we’ve already encountered and become accustomed to with web surfing and email. Unfortunately, many IT departments have called upon the specter of the “IM Security Threat” to shut down their libraries’ attempts to put an IM service in place. And that’s just plain wrong-headed and lazy on the part of those IT departments. That’s right: wrong-headed and lazy (but don’t say that yourself to your IT people—they’ll probably turn on you).

IT folks always seem to walk into a meeting armed with two articles (it’s always the same two), having not done thorough research, claiming that these things prove, unequivocally, that IM is the devil. It’s good to know your enemy, so read these articles.

  1. More Instant Messaging Security Holes by Fred Langa (2001)
  2. Instant Insecurity: Security Issues of Instant Messaging by Neil Hindocha (2003)

Below is some information you can use to arm yourself when talking to your IT folks and your administration. These recommendations apply for staff-to-staff IM and staff-to-public IM as well.

We’re librarians, folks: let’s use our research skills to find out the right information about the topic and go in there well-prepared.

How the IM Threats Work

The threats that come in through IM are largely worms, viruses, and Trojan horses. Both spread through downloads or link-following. An incoming message can appear to be from someone on the user’s buddy list, or not, and contain text like “Look at my photos!” or “Here’s that file.” Clicking on the link or downloading the file will result in infection. If you have your IM software set up to automatically download attachments, you don’t even need to do anything and you will be infected. The infection could then spread to others on your own buddy list.

How to Stay Safe

  1. As you should be doing already, just for general safe computing reasons, keep your IM, operating system, antivirus, firewall, and antispyware software up to date.
  2. Turn off file-sharing in the IM program(s).
  3. Disable automatic downloads in the IM program(s).
  4. Do not immediately open files or click on links from people. There are few cases in most reference or circulation transactions where the user is going to be sending you a file or link, but if it seems valid, re-send a message to the person asking if the message and its attachments are trustworthy, then continue. Even if the person is a person you know, that doesn’t mean they sent the message or file: automated bots can send these if their computer is infected.

The following articles can give you more information and back-up. Note that they are more up-to-date than the articles the IT folks seem to bandy about.

  1. Tips for keeping your computer safe when using instant message or online chat programs by Steve delVecchio (2005)
  2. Using Instant Messaging and Chat Rooms Safely by the US Computer Emergency Readiness Team (2004)
  3. Instant Messaging Opens New Security Holes by Paul Korzeniowski (2004)

Now what? Read everything I’ve linked to, and then bring this post and all the articles with you to any meeting. Be safe, be careful, and be enthusiastic about this great new service opportunity!

April 25, 2007 | Permalink

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a00d8341c511253ef00e55051fc2b8833

Listed below are links to weblogs that reference Instant messaging and security: how to talk to IT:

Comments

A great IM program to use if you are worried about security is the BigString IM service. All of the messages you type disappear in front of your eyes, people can't track what you type. I use it all the time in school or work when I don't want what I am talking about repeated.

Posted by: Jamie | May 1, 2008

Ellen: Not at all--quote away! Glad to be of service.

Posted by: Sarah Houghton-Jan (LibrarianInBlack.net) | April25, 2007

Thank you for this! I'm part of a panel discussion on this subject next week at the Long Island Library Conferrence in New York. I hope you don't mind if I quote you :-)

Posted by: Ellen Druda | April25, 2007

Post a comment

*Please only submit your comment once. Comments are moderated due to spam problems. I have to approve the comment before it will show up. I will try to do it quickly.*
LiB's simple ground rules for comments:
1. No personal attacks, rude, or intolerant comments.
2. Comments need to actually relate to the blog post topic.