Carnegie Mellon University’s Computer Emergency Response Team (CERT) has released a security warning about Instant Messaging (IM) and chat rooms accessed from businesses.

The statement expresses CERT’s concern that, because instant messaging and other chat clients rely on end users to make security decisions rather than on a central security policy, the applications represent a risk to enterprises.

CERT cites a lack of strong authentication, potential software flaws, Trojan horse attacks, and “social engineering attacks” that result in users passing on sensitive information as some of the ways chat could breach business security.

To avoid these potential breaches, CERT advocates disabling chat functionality on company networks unless “the services provided by chat clients are needed in your environment.”