It's getting to the point where I get a dozen or so messages of SPIM, or instant messaging spam, every week. Which apparently isn't much considering my boss gets, on average, around 20 SPIM messages a day. So, what can we do to stop these annoying messages?
Not much, but some would argue a sound security policy would give users guidance to at least lower the number of SPIM messages. IT Business Edge Knowledge Network partner Info-Tech Research Group has uploaded a sample IM Security Policy that serves as a template for the creation of your own policy.
This sample policy starts by addressing supported IM solutions, personal use, acceptable use and unacceptable use. Some specifics under the unacceptable use section include use of IM systems and services for unsolicited mass mailings, non-company commercial activity, dissemination of chain letters, use by non-employees, sharing IM account passwords with another person, or attempting to obtain another person's IM account password.
The policy goes on to further address privacy, record retention and file sharing.
Info-Tech has also uploaded two documents addressing wireless security. This Wireless Security Access Policy puts steps in place to curb the risk of using inexpensive wireless networking resources to connect to the corporate network. Because wireless network segments are inherently less secure than conventionally wired components, wholesale, uncontrolled use of wireless access will expose your company to additional risk. That's where this document could be useful.
Also, wireless LANs are complicated enough to manage, never mind dealing with the possibility of rogue access points sapping bandwidth from legitimate users. Info-Tech's Wireless Access Point Policy should help shore up practices and procedures for installing APs across your organization.