Your firewall won't catch viruses sent via an instant message.
Tackle these security danger zones before you use any rapid messaging system, advises Tom Walsh, a security expert at Tom Walsh Consulting in Overland Park, KS.
1. IMs use an unprotected port.
E-mails enter and leave your electronic network through a port in your firewall that scans all e-mails and their attachments for known viruses.
IMs, on the other hand, enter and leave your network through a completely different, unsecured port that does not scan any attachments.
2. You cannot verify IM users.
Any person using a commercial IM application can create a screen name that looks legitimate. It's almost impossible to verify that the person sending you an IM is who he or she claims to be.
Example: A remote user asks you through an IM to reset her password. You ask her to supply a piece of identifying information. She supplies several types of information, including the last four digits of her Social Security number. Why it's not
enough: Though the user provided several pieces of hard-to-know data, a criminal could acquire all of it through social engineering or other form of data theft.
The bottom line: You must only send IMs across your closed, protected network. And any user needing tech support must use either telephone or e-mail to request help.