FDIC issues new instant messaging guidelines

The Federal Deposit Insurance Corporation (FDIC) is warning the nation's financial institutions about the perils of instant messaging.

The FDIC's Guidance on Instant Messaging warns that using the popular consumer IM clients, such as Yahoo!, Microsoft's MSN Messenger and AOL's Instant Messenger, can expose companies to security, privacy and legal liability risks.

According to the FDIC recommendations, members should protect themselves against these vulnerabilities by establishing policies and implementing solutions to allow, restrict or deny IM use based on the individual need of the enterprise.

For the FDIC, spokesman Frank Gresock emphasized that the guide is intended to alert banks to significant vulnerabilities in specific systems or ones that arise through the internet.

"The FDIC is constantly evaluating the different threats posed by different technologies and will consider providing guidance on any area the FDIC identifies as posing significant risk to the banking industry or the insurance fund," he said.

Two IM vendors, WebSense and IMlogic, agreed that the guidelines are important.

Mike Newman, WebSense vice-president, general counsel, said the guidelines are essential because they highlight an area of significant security vulnerabilities that financial institutes might not be aware of.

"IM is increasingly being used as a vehicle to inject vulnerabilities and worms into companies' networks," he said.

Art Gilliland, director of product management at IMlogic, said the company is seeing a convergence in communications media from a regulatory perspective.

He agreed that the lack of built-in security and the ability to download files creates an environment in which viruses and worms can spread quickly. "It's a medium with no compliance tools built for it," he said.