Without the ability for employees to communicate in real-time, regardless of location, the modern workplace would not be feasible. In fact, businesses with effective communication practices are 50 percent more likely to have lower-than-average employee turnover rates. This has given rise to a host of messaging platforms, all with the same promise – removing barriers to collaboration and offering an easier approach to workplace communication than messaging’s more formal sibling, email.
For all the collaborative and productivity benefits many messaging platforms offer, they also open companies up to a host of security risks if they don’t have the right protocols in place. High-risk sectors where customer privacy is paramount, like financial services and law, must be especially vigilant.
Some might think that the solution is to eliminate messaging altogether, and force employee communication over more secure email channels – but this is short-sighted. As its name suggests, instant messaging makes employees’ lives easier, hence the “instant.” Without a company-sanctioned option, employees may still choose to communicate with each other on generic messaging platforms due to their ease of use. In fact, 40 percent would pay for social collaboration tools themselves. This eliminates any control the company has over security and should be avoided.
The best course of action for companies is to implement a messaging platform with vetted security protocols rather than leaving employees to communicate on their own.
The rise of generic messaging platforms in the workplace
While many communication platforms designed for workplaces exist, there has been a rise in the use of more generic messenger platforms among employees that are typically used in every-day life. This is especially prevalent outside the US where the likes of WhatsApp and WeChat have risen in prominence. In fact, the majority of Chinese professionals consider WeChat as their preferred method of workplace communication.
While these platforms offer the same basic communication benefits as their workplace-specific counterparts – that is the ability to send messages – they are not designed with enterprise grade security in mind. This is especially true in certain industries where non-compliance with regulations can have legal implications.
The recent WhatsApp breach that targeted millions of people raises another weak point of these generic platforms. Their use by regular consumers at a large scale makes them a prime target for hackers looking to steal private information. WhatsApp was targeted by spyware, and even though it offers end-to-end encryption, it wasn’t enough to stop hackers from breaching the calling feature. WhatsApp is not alone in these vulnerabilities; they likely exist in most consumer messaging apps.
What security features to look for in a workplace messaging platform
Given the pitfalls that can occur if sensitive information is exposed through a breach of employee communications, businesses should look for enterprise-grade communication and collaboration platforms with a specific set of security features to minimize risks. While there’s no silver bullet to prevent breaches, as hackers are getting more sophisticated by the day, there are features and certifications that lend to a safer and more secure employee communication strategy.
Encryption
Encryption helps to protect against data breaches and hacks that could ruin a company’s reputation. No matter how sensitive the content, businesses should make sure the messaging platform they choose encrypts all messages in an unintelligible format until it reaches the intended recipient. Decryption should only occur when the message is opened by the intended person. Companies should also ensure that all employees have the encrypted app for the approved platform on their smartphone to make sure all internal communication is protected even if it’s not done on company-owned hardware.
Compliance
When it comes to data and customer information – especially in financial services, law, hospitality and insurance – there are many regulations that companies must consider. GDPR is the main one that typically comes to mind, but depending on the industry, HIPPA, SOC 2, ISO and other compliance statuses become important. By ensuring the chosen messaging platform complies with all the relevant regulations in the company’s industry, potential issues and the resulting fines can be pre-emptively stopped.
Data Center Security
A messaging platform is only as secure as the server it uses, so knowing what data center or cloud service the platform uses is essential to ensuring messages are secure. Common cloud service options like AWS and Azure have highly regarded built-in security, so messaging platforms that are hosted on these benefits from all the security and compliance measures they have in place. If a platform uses another data center option, it must be thoroughly vetted for security protocols before it’s selected.
The bottom line
As technology has advanced to improve security measures, so has the technology used by hackers. Businesses need to stay up to date with the most appropriate and safe communication methods. Encrypted message technology is improving all the time, but employees also need to be educated in how to ensure they are using the best platform and taking the necessary safety steps.
It’s clear that as technology evolves and is adopted, businesses need to continuously evaluate existing employee communication strategies to determine whether they provide sufficient security for corporate use. It is imperative for companies to opt for platforms built and designed with enterprise security and compliance in mind. Communication is a core need for any business and company leaders, but security should remain paramount.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.