Effusia Blog

Mobility is the key to my productivity. To be able to work on the go without being connected to a desk is my work environment of choice. And as wireless hotspots become ubiquitous and cell advancements continue to cater to more robust applications office space really symbolizes a TPS report in my opinion. Ah, the freedom of working untethered! And working on the go keeps the creative juices flowing. I do not think the mute grey fabric of a cubicle has ever inspired me. Though the meerkat/groundhog response to stimuli in cubefarms inspired me to win the wack-a-mole game at the fair. But winning a stuffed animal is not the point. Those are sewn overseas with lead paint noses.

All these tech developments help the US convert its workforce to compete in services instead of manufacturing. And distributed workforces allow companies to hire the best talent regardless of location. We have a number of clients that use Effusia to connect far-flung employees and multiple offices. The feedback we get is that their productivity and creativity have both increased. And the communication is secure over the public networks. Of course every great productivity tool has its downside. For me work and not work has become a grey area. Vacation now means responding to emails from the beach and voicemails while you are on the chairlift. Still, it is better than sitting in the office staring at your inbox waiting for that critical message to magically appear. Unless of course you are filleting a fish in your cubicle while you wait.

I’d like to introduce you to our ongoing series of blog posts about using public instant messaging applications in your business. First, let me make clear what I mean when I talk about public IM applications. These are free applications designed for consumers to use on their home computers for quick communication with friends and family. When your kids aren’t texting each other on their phones, they’re using these to communicate. We’re talking about AOL Instant Messenger (AIM), Yahoo! Messenger, Google Chat and the like. Now, given that we sell a secure business instant messenger and we’re calling this “Public IM Perils” we obviously already have an opinion on this issue. However, we’re not here to throw out a lot of FUD; instead we’d like to give you some things to think about when choosing what’s right for your business (and sometimes that is public IM).

What is social engineering?

Sarah Granger’s article on the subject, Social Engineering Fundamentals, Part 1: Hacker Tactics at Security Focus defines it like so:

…social engineering is generally a hacker’s clever manipulation of the natural human tendency to trust. The hacker’s goal is to obtain information that will allow him/her to gain unauthorized access to a valued system and the information that resides on that system.

So basically social engineering is not about engineering at all, it’s a good old fashioned con. Basically hackers convince people to do something that’s a bad idea for plausible sounding reasons. It’s no different than con artists who get Grandma to pay for a driveway repaving that never happens. It just so happens that social engineering usually involves some kind of technology.

So what does this have to do with Public IM?

One of the first things a social engineer needs to work his magic is access to someone on the inside. Public IM is all about access. With public IM your users can be talking to anyone at any time about anything. As a business owner or IT department you don’t control who’s allowed on the system and you don’t control your user’s contact lists. Even if your users aren’t actively engaging in talking to nefarious outsiders (of course they aren’t!), it’s relatively easy for these outsiders to lookup your users in public directories and contact them. In fact this is how many of the so-called IM viruses actually work. PC world discusses these types of viruses here. A man even lost his job due to one.

What are the risks?

There are two major risks with these types of social engineering attacks: loss of information and actual damage to your internal IT systems. When a social engineering hacker or a virus written by one targets a user, that user may inadvertently give up all sorts of proprietary information that your company doesn’t want released. Not only do most public IM apps permit the transfer of information in the form of messages, they permit file transfers as well. So you’re not just at risk of an employee saying something you’d rather not be said, but that employee could send documents to outsiders as well. As for your IT systems, public IM provides yet another “attack vector” like email. A message with the appropriate wording could convince a user to click on a link which executes a malicious file or takes the user to a dangerous website.

Mitigating the risks

One of the draws of public IM is its openness. It makes it very easy to communicate with people outside your organization. The big caveat is it leaves your users and your company open to social engineering attacks from people who exploit this openness. To combat this, we’d suggest using a secure, internal IM system like Effusia Business Messenger (but you knew we’d say that). If you don’t choose to do that, make sure you’ve educated your users about the risks. Make sure they know the following:

• Don’t click on links sent by unknown people
• Don’t open or download files sent from unknown people
• Don’t send files or privileged information to other users via public IM systems

Bottom line, if you’re using public IM in your business, your users should follow that timeworn motherly advice: “Don’t talk to strangers”.

If your business is running Linux, you don’t have many options for internal instant messaging. Of course there are always public systems but those send your company IMs outside of your company’s protected network and over the Internet. That is a serious security risk for your company’s network and more importantly your company’s sensitive information!

Since our initial release over 5 years ago, Effusia has released a version for Linux. Our customer base for the Linux version has unfortunately been small and for the Effusia Console on the desktop, practically non existent. Linux on the Desktop has been slow to take.

Every year seems to be the year of the Linux desktop but this year is even more so. With many users disappointed with Microsoft Vista, companies like Dell selling Linux pre-installed and with great attention given to the desktop user by distributions such as Ubuntu and Fedora, maybe this will be the year.

Recently we have also had more interest from some existing customers for an updated Effusia Console for Linux. I’ve spent a good part of the past week working on that release. Aside from a few little quirks along the way, it is now working beautifully.

Are you running Linux on the desktop? We would love to hear from you and while you are here, download a free trial and let us know what you think of the Effusia Console on Linux.

Welcome all to the Effusia blog. Through this blog we hope to start an open dialogue about instant messaging and technology trends, create a platform to discuss future Effusia feature development and provide users a place to share IM and technology tips that make work environments more fun and/or efficient. Welcome!

Abbreviation Efficiency? 

I confess that all the abbreviations used in IM and somewhat in text messaging are baffling to someone as old as me. Heck, I am in my 30’s which is senior citizen status for most IMers. Now that I use it constantly at work and less regularly on a social level I definitely enjoy the immediate gratification it provides. What still gives me pause is all the abbreviations. It saves time from typing all those words but it takes me that much longer to figure out what is actually being said.  To brush up on the IMish language I have found a nice little dictionary to refer to whenever I find myself questioning if I should be laughing or offended at a bunch of nonsensical letters strung together. If you find yourself thinking OMGYG2BK, just check out this IM dictionary to break the code.