The enterprise hazard of using consumer messaging apps in the workplace

Making the right investments now will safeguard an organization’s mobile communication infrastructure from future cyber-attacks

The security threat posed by these commercial consumer messaging apps was spotlighted in May when it was revealed that a vulnerability in WhatsApp could be used to compromise user chat sessions, files, and messages.
The security threat posed by these commercial consumer messaging apps was spotlighted in May when it was revealed that a vulnerability in WhatsApp could be used to compromise user chat sessions, files, and messages.

Employees today depend heavily on their smartphones and mobile messaging tools for business communications. The convenience of mobile technology enhances employee productivity, allowing them to easily communicate and collaborate with each other as well as with clients, partners and suppliers.

A NetSfere study conducted in partnership with 451 Research examining the challenges and opportunities of mobility and messaging in the modern work environment found that 80% of employee respondents use their smartphones for business purposes on a daily basis. The report also found that three out of four respondents said they use SMS daily. The influence of consumer-driven mobility and workplace flexibility are two factors driving these trends.

While the ubiquity of mobile device usage in the workforce is fostering operational agility for companies, this usage is also creating new security threats that some companies are ignoring at their own peril.

Security threats in mobile communications

Enterprises are facing rising security risks as business communications increasingly shift to consumer messaging applications on mobile devices. Companies are seeing consumer-grade messaging apps like Facebook Messenger, WhatsApp, and WeChat infiltrate the workplace, bringing with them security loopholes and threats.

The continued increase in BYOD (Bring Your Own Device) and smartphone adoption coupled with employee use of consumer-grade messaging apps that lack the physical and technical safeguards necessary for enterprise communication is exposing companies to security risks. Popular consumer messaging apps like WhatsApp, Facebook Messenger and WeChat that employees are using to talk to each other lack central management capabilities and do not contain critical encryption and security protocols needed to lock down communication and align with compliance and regulatory laws.

Global usage statistics tell the story of how pervasive these apps have become. As of 2019, WhatsApp had approximately 1.6 billion monthly active users, Facebook Messenger had 1.3 billion and WeChat had 1.1 billion users.

The security threat posed by these commercial consumer messaging apps was spotlighted in May when it was revealed that a vulnerability in WhatsApp could be used to compromise user chat sessions, files and messages.

The risk of these types of vulnerabilities is keeping IT security managers awake at night. According to the 451 Research Study, security and productivity are key priorities for IT decision-makers when it comes to business communications. Furthermore, Verizon’s 2019 Mobile Security Index found that 86% of respondents agreed that mobile threats are growing faster than other types of threats.

Companies want employees to have access to technologies that enable them to be more productive, provide better customer service, help meet business objectives and improve their company's bottom line. In fact, most IT decision-makers feel that business communications must be mobile-first messaging first.

While enterprises believe that messaging apps have significant business benefits, the fact that employees' use of consumer messaging apps cannot be monitored or controlled is a major cause for concern. Chat apps clearly present a challenge for enterprises that need to take steps to ensure accountability and compliance. Workplaces with inconsistent mobile messaging policy and tools open the door to privacy, compliance and security risks.

IT decision-makers are recognizing the need for business communication tools available to employees to meet security standards. The 451 Research study found that security and compliance were key priorities for IT decision-makers when it comes to business communications, with 80% of these respondents considered it ‘very important’ that their messaging tools be optimized for mobile-specific working.

Today, mobile messaging has moved beyond text messaging to encompass much more robust functionality including allowing the sharing of comprehensive data such as pictures, voice messages, videos and location information. With all this data and digital information flowing between mobile devices, it is more critical than ever for enterprises to look for solutions that ensure data protection and security in employee mobile messaging.

Looking for solutions

With the growing mobile workforce, a top priority for enterprises is tackling the security challenges involved in enabling an agile working environment. This includes mobile messaging tools that allow employees to stay connected securely in distributed locations.

For most enterprises in all industries, securing the communications channel is critical to ensure confidentiality, data security, and compliance. But it is difficult, if not impossible, for organizations to monitor conversations and interactions via consumer messaging apps.

To secure this communication channel, some companies are opting to prohibit the usage of consumer-grade messaging apps like WhatsApp and Facebook Messenger. Other companies are providing staff training and implementing corporate policies and controls to govern the use of these applications.

While these security measures can help, they are not the answer. Chat apps can be effective real-time collaboration tools that simplify corporate communication, but when it comes to enterprise messaging, organizations need purpose-built apps that allow administrators to monitor and audit usage.

The most effective way to retain a collaborative working environment and ensure secure access to business applications and resources is using a mobile-first enterprise messaging platform.

Enterprise-grade messaging and mobility solutions bring together collaboration, productivity, security and compliance. These solutions also provide encrypted conversations end-to-end, while giving corporate IT full control over communications relationships.

Consumer messaging apps have evolved beyond messaging into communications platforms that enable voice and video calling, access to content and the sharing of content. This same functionality can be found in secure enterprise mobile messaging apps. However, enterprise mobile messaging apps offer capabilities that consumer chat apps do not support. Unlike commercial messaging apps, enterprise-grade secure messaging platforms are monitored and filtered to identify and stop attacks, giving IT total control over employee messaging across multiple devices.

Cloud-based, secure enterprise messaging platforms developed and managed by a third party also help companies cost-effectively deploy a scalable, secure enterprise messaging app across multiple platforms. These solutions eliminate the need for companies to manage and operate an off-the-shelf platform which may be expensive, difficult to customize, time-consuming, and potentially disruptive to upgrade.

Companies looking at enterprise messaging platforms should look for solutions with features that allow:

  • cloud storage
  • centralized administration and policy control
  • customization
  • archiving
  • remote wipe 

Corporate wakeup call

Consumer-grade apps result in fragmented collaboration, a limited role for IT and poses security risks to businesses. This should serve as a wakeup call to business leaders on the importance of adopting corporate-issued collaboration platforms, taking an approach that treats mobile as their primary employee communication channel. Even so, platform adoption has been slow.

The slow uptake of a mobile-first approach to business communication and collaboration tools means that many companies remain at risk of security threats. The 451 Research report noted that “organizations still tend to address mobility as an added feature rather than a mission-critical capability. This results in technical limitations that impact the user experience, leading employees to rely on alternative services for real-time, peer-to-peer communications, which opens the door to privacy, compliance and security risks.”

The report went on to note that “the reality is that flexibility in the workplace without the right technology can lead to a fragmented collaboration landscape, resulting in limited productivity gains. Furthermore, such a situation lends itself to less than adequate security practices, which can place the organization at risk. Whether they realize it or not, many organizations are playing with fire because they aren’t taking a comprehensive approach with their business communications and collaboration technology strategy.”

Mobile messaging is now the communication standard for both consumers and businesses and it is not changing any time soon – it increases productivity and allows for flexible work arrangements. However, it poses serious risks in the enterprise that need to be taken seriously, making secure, scalable communication platforms a necessity for the modern business. Making the right investments now will safeguard the enterprise from cyber-attacks that could be detrimental to a corporation’s reputation and finances.

About the Author:

Anurag Lal is the President & CEO of Infinite Convergence Solutions. With more than 25 years of leadership and operating experience in technology, mobile, SaaS, cloud and telecom services, Anurag leads a talented team of innovators who are transforming everyday messaging technology into secure, highly scalable communication platforms that can be leveraged across a variety of markets and segments.

Prior to Infinite Convergence, Anurag served as Senior Vice President at Meru Networks (NASDAQ: MERU) and Chief Business Development and Sales Officer at iPass Inc. (NASDAQ: IPAS). During his tenure at these organizations, Anurag played an instrumental role in the successful, multi-billion-dollar IPOs for both iPass and Meru Networks. Anurag’s background also includes tenures as Vice President of Internet and Multimedia Services for British Telecom (Worldwide) and senior management roles at Sprint International.

Appointed by the Obama administration, Anurag previously served as a Director of the U.S. National Broadband Task Force (part of the Federal Communications Commission). In his role on the task force, Anurag helped develop a deeper understanding of global broadband policies, regulations and best practices. He was also a core contributor to the first-ever national broadband plan.

 

More in Cybersecurity