Can companies regulate employee messaging apps for security?
The use of messaging apps has become a part of everyday life in many workplaces – but the sharing of sensitive data poses a major compliance risk for organisations.
A leading bank recently hit the headlines for heavily penalizing its bankers for conducting official business through messaging apps such as WhatsApp. Depending on the penalty, employees will take a hit from their salary or bonus to pay their fine.
However, experts are critical of whether this will solve the problem and discourage staff from using unofficial communication channels.
The use of unofficial channels for business communication is not new. In recent years, politicians have been criticized in the media for messaging on apps that make official business communications difficult to track. The use of messaging apps has become a part of everyday life for many people and seems to be a popular choice for communication purposes at work, even if they may not be compliant.
Security threats in messaging apps
Despite their convenience, the use of these channels to discuss business deals and share sensitive data presents a serious compliance risk for regulated entities. The pandemic is believed to have triggered an increase in the use of messaging, collaboration, and video conferencing tools as they created a semblance of “business as usual” in organizations.
However, what was used to replace meetings between employees quickly covered a variety of business interactions that were never designed for these platforms. Veritas research found that almost three-quarters of employees admitted to sharing confidential and business-critical company data via channels such as WhatsApp, text message or Zoom. This leaves organizations open to a range of threats, from data loss to non-compliance to ransomware threats.
Improving visibility through communication channels
The challenge for financial services organizations now is that the genie is out of the bottle. Your workforce knows that the best way to reach your customers is very often by hitting them up on the messaging app on their phone. Telling them to stop can feel like the business is shackling their productivity, and a blanket ban often simply drives the use of these messaging services underground. This concealment makes compliance and security even more difficult. Now is the time for businesses to take back control and confront this risk.
Now is the time for businesses to take back control and confront this risk
Coming to terms with risk and regaining control
What can businesses do if they want to move forward without hindering productivity by embracing the use of newer channels, but also recognizing the risks? The answer is to learn to treat these messaging apps the same way we treat more established methods of communication. Collaboration and messaging tools should be incorporated into the same eDiscovery and data retention policies that we apply to email. Financial services organizations need to change their mindset from “detect and disable messaging tools” to “find and protect the use of messaging tools.” This allows users to maximize assets without compromising the business. Using the products they prefer can result in better performance.
In addition, incorporating these communication tools improves visibility across the communications landscape, allowing the IT team to identify potential risks arising from the use of messaging applications. Incorporating cloud-based communication platforms is key to quickly identifying and isolating problems before data damage can spread. In other words, quick identification of a breach and prevention of damage is paramount.
Centralize data and follow company protocols
When it comes to compliance, centralizing data and following company protocols makes it much easier. However, protocols are not always aligned to be effective for employees. As technology advances, some organizations have not been able to keep up and employees are using tools that have not made it easy for them to do the work they see fit.
While prioritizing compliance can limit businesses’ use of different technologies, it can also limit opportunities. Instead, to meet compliance requirements and improve employee performance – incorporating new communication methods into data management strategies can reduce associated risks. This requires financial institutions to actively engage with new technologies to stay compliant while staying current and innovative.
This piece was written by Barry Cashman, VP UK&I at Veritas Technologies