Security Assessment: Skype for Business


Instant Messaging is one of the latest forms of electronic communication and it is rapidly gaining ground as a form of business communication. While many businesses are aware of the possible benefits of IM, such as its ability to promote real-time communication amongst work colleagues and customers, most organisations have been slow to assess the likely impact of IM on their corporate risk profile, and therefore have no agreed policy on its use. IM tools are sophisticated and may enter networks, notwithstanding the fact that firewalls are in place, or obvious ports locked down.  We needs to understand the legal implications of IM and to take swift action to mitigate the potential legal risks of IM use.

Employees Liability:

An employer is liable for the acts of its employees, in short we can conclude that an employer will not necessarily escape liability arising from IM use. This is why employers need to take the risks arising from IM seriously.

Conversation History:

Some organisations take the view that IM leaves no trace, and therefore there is no record of any wrongdoing. This reasoning is flawed for several reasons. Firstly there is a history facility in IM products, which keeps a record of IM conversations. Secondly, even if the history facility is switched off at the sender’s end, the recipient may have a copy. So if you are a service provider for IM, make sure that all Conversation histories are tracked for records. There is also the argument that in fact records of business transactions should be kept, and IM records of transactions are as much a record of business transactions as any other type of record. An organisation needs records as evidence to defend its legal rights: either by taking a claim or by defending a claim.

Infringement of Intellectual Property Rights Copyright:

Protects documents that are original, where effort has been invested in their creation. Copyright protects the economic value in that investment of effort. It is a breach of copyright not only to copy documents without the permission of the copyright holder, but also to issue copies to the public. Most organisations hold documents that are subject to copyright that is owned by a third party, as well as their own documents subject to copyright. Whilst most organisations would suffer a loss arising from the disclosure of their own valuable documents, an even bigger risk lies in allowing the disclosure of the documents of others, as the copyright holder can then launch an action for damages against the employer. In many cases IM will provide an unmonitored route for unlawful disclosure of copyright documents, not to mention an avenue for the sharing of unlawful files.

Viruses and other malicious code:

IM provides viruses and other malicious code with a new route into an organisation. Viruses and malicious code will cause destruction of, or damage to personal data, and so this new route must not remain unmonitored.


A defamatory statement is an untrue statement that tends to lower the reputation of an individual or organisation in the minds of right thinking individuals. An organisation can be exposed to liability for defamatory statements published by IM as much as it can be exposed to such liability for defamatory statements published by e-mail.

Regulatory Requirements:

Where organisations are subject to regulatory requirements in relation to their communications, those requirements will apply to IM communications as much as to e-mail communications.

Why monitoring IM usage is essential ?

It is much better to monitor communications to ensure that corporate communications are of an acceptable quality and content than to have to deal with embarrassing and financially damaging situations later. IM records are subject to disclosure in legal proceedings, and must be preserved when litigation is contemplated.


The risks associated with uncontrolled IM use need to be taken seriously by organisations of all sizes. Taking preventive measures is better than applying a cure after the fact.

Few major IM Security Providers in market are as below.




If you have any suggestions or feedback, please feel free to comment below.

By Anoop Karikuzhiyil Babu

Started his career with Exchange 2003 as a Microsoft Support Engineer, later moved to Microsoft Enterprise Unified Communication Team as Premier Engineer. Post handling numerous Premier environments and deployments, currently settled as a Solution Architect for Messaging and Collaboration in United Arab Emirates largest Tier3 Datacenter.

Leave a Reply

Your email address will not be published. Required fields are marked *