How to Avoid Billion Dollar Fines for Insecure Messaging Apps
In September, the U.S. Securities and Exchange Commission (SEC) fined some of Wall Street's largest banks $1.8 billion for failing to keep personal information secure in internal communications. According to the 451 Research report, these banks, which include Barclays, Bank of America, Citigroup Global Markets, Goldman Sachs, JP Morgan Chase and others, received these fines for "widespread and persistent failures".
Although financial institutions were hit by the latest blow, this is not an isolated case. Businesses in all industries are at risk of data being compromised by untrusted messaging apps. With the rise of remote and hybrid work environments and the spread of “bring your own device” (BYOD) practices in the workplace, data breaches and ransomware attacks are becoming more common. 451 Research reports that 68% of workers use their personal smartphones for both personal and business purposes, putting private company and customer data at risk.
To avoid millions, or even billions, of dollars in fines from such cases, companies must consider the risks of using insecure messaging apps in the workplace and adjust their practices accordingly.
Insecure messaging apps pose risks to businesses
While messaging apps are convenient and allow for quick work and communication, they aren’t always the safest route. Popular workplace apps include Microsoft Teams, Slack, and WhatsApp.
Teams and Slack are built on collaboration and integration within the ecosystem of business apps. They were not originally designed for secure business communications that meet strict regulatory and compliance requirements such as GDPR, HIPAA, and more. WhatsApp is a consumer-grade app designed for communicating with friends and family, not necessarily for work-related content.
When such applications are used, the data, files, attachments and general conversations passing through them are at risk of falling into the hands of hackers. These applications are not end-to-end encrypted, meaning that messages can be intercepted, decoded and read in transit, before the recipient has even opened them.
In addition to messages, the information stored in these applications can also be captured. WhatsApp has come under fire due to numerous breaches in the past year. A recent incident left nearly 500 million users’ profile data open to hackers and fraudsters, potentially leading to phishing attacks and identity theft.
Insecure communication can lead to huge problems for businesses. Reputations can be destroyed, operations shut down, and lots of money lost.
The importance of compliance
Also, these apps don’t always meet industry standards. These standards are put in place to prevent a company from exploiting the private and personal information of its customers and to protect the business from liability.
Common compliance and privacy requirements include HIPAA, GDPR and FINRA. Maintaining a high standard of compliance enables the organization’s employees to develop trusting relationships with their external partners and customers. Businesses in the healthcare, banking and legal sectors should consider these requirements when adopting a messaging platform for their employees.
These industries are at the highest risk of cyber attacks because they hold the information most valuable to hackers: personal identification and bank details are the crème de la crème for attackers. The largest health data breach of 2022 occurred in October, when the personal health information (PHI) of nearly three million Advocate Aurora Health patients was released to Meta/Facebook due to a coding error. The second largest incident of the year occurred at SightCare, Inc. and was the result of a successful hacking attempt.
This year, the cost of HIPAA violations has risen in line with inflation. HIPAA violations are now subject to penalties of up to $60,226 per violation and up to $1,919,173 per calendar year. Unless a business has a few hundred thousand dollars to spare for penalties, it cannot afford not to comply.
What makes a messaging platform secure and compliant?
The ideal messaging platform for a company uses fully encrypted protocols, so that no message, file or fragment of data is exposed in transit. Because companies often work with external groups, the most important thing is to be able to trust that information shared between teams will not be intercepted or passed on to third parties.
Platforms offer different levels of encryption, but few are end-to-end encrypted, which is the gold standard for security. In addition to full encryption, the workplace platform should be under the control of the CIO or IT staff. They need to be able to monitor who is accessing the medium and intervene when there are red flags of security risks or breaches. This applies to every channel of corporate communication: email, direct messages, and video and voice calls.
In a rapidly changing world, an organization’s communication technology must be updated in real time to protect itself against the latest threats. This also means meeting the latest compliance regulations.
Finding the secure and appropriate messaging app that works best for a company can be difficult. By ensuring that what you use is fully encrypted, adaptable, up to date with compliance requirements, and controlled by trusted IT staff, your business is far less exposed to the financial burdens and business interruptions that follow a data breach or cyber-attack.
Anurag Lal is the CEO and Chairman of NetSfere.