5.5 Home IM Security Best Practices

Just as with corporate IM use, there are risks associated with the use of IM in the home. Since all authentication information and content passed using IM is unencrypted, your user name, password, and data could be viewed by anyone. Of course, you may ask why anyone would want to break into your system at home? Rather than wanting to gain access to and misuse information concerning your identity, financial information, or blackmail you for your Web usage habits, an attacker may want to gain control of your computer so he or she can use it to launch attacks on other computer systems. Gaining control of your computer gives an attacker the ability to hide his or her true location as attacks are launched, often against high-profile computer systems such as government or financial systems. An attacker can also watch all your actions on the computer or cause damage to your computer by reformatting your hard drive or changing your data. Even if you have a computer connected to the Internet only to play the latest games or to send e-mail to friends and family, your computer may be a target.

If you use your computer to gain remote access to your company's network, you are also at risk of an attacker exploiting any IM vulnerabilities you have on your machine to gain the same access and rights you have to your company network. If you work from a home computer and require remote...