How to keep your business communications safe on WhatsApp

How to keep your business communications safe on WhatsApp

Bring-your own device policies and remote working have become common. But the new challenge is now ‘bring your own application’ and unapproved shadow IT such as using consumer chat applications for business.

In particular, businesses should be thinking about WhatsApp because:

  • More than 80 percent of employees admit to using non-approved cloud services
  • Businesses use 20 times more cloud apps than they think
  • WhatsApp has over 2.1bn users worldwide. More and more people use it for work regardless of corporate policies. This makes it one of the fastest growing forms of shadow IT today.

Use of non-approved apps at work is rarely malicious. But, when personal or work-related data is shared over any unknown app, it quickly becomes a business issue. Here’s how to keep communications secure and compliant on WhatsApp:

  1. Embrace it

The dawning realisation that people are sending confidential business information over WhatsApp can instil anything from mild panic to control-freak mode in managers. And first instincts may be to shut everything down. But, many are actually embracing WhatsApp. Why? Because more often than not, it can help a business. Here’s how:

  • Efficient instant communications. If enterprise tech slows employees down, they’ll turn to instant messaging to get the job done quicker. People already know how to use WhatsApp.
  • Social workspace. Blurring social and work lines through instant messaging fosters collegial relationships which increases productivity – and emojis make us happy. WhatsApp is more social and informal than traditional corporate communication channels.
  • Attract and retain new talent. Today people want to work remotely with the tools they already know. Embracing communication channels like WhatsApp can make younger recruits feel more at home.

Like consumers, employees are leading the way to improve communications. Shutting down WhatsApp will create resistance, backlash, and won’t stop people using it. Instead, trust and empower employees with the tools they prefer.

  1. Know the issues and risks

Despite the benefits, WhatsApp isn’t built for businesses. Here are the key security issues and compliance risks:

  • Encryption means no visibility. The problem with WhatsApp’s end-to-end encryption is that it’s too secure. There’s no visibility to anyone outside the chat, including the IT department.
  • It’s not compliant. Encryption also means a clash with regulations like MiFID and the upcoming GDPR. Any lack of visibility, clear consent and privacy around data storage just won’t work.
  • Devices aren’t locked down. WhatsApp is mainly accessed on phones or tablets. If these aren’t managed properly, businesses are at risk.

The good news is there are ways to work around shadow IT problems. Sticking with the devil you know in WhatsApp will save you an overhaul and some awkward meetings too.

  1. Solve with the right technology

There are lots of tools out to help businesses to manage shadow IT securely. But few can handle WhatsApp. So for this, our compliance vote goes to Actiance and their app Socialite.

How does it work?

Build on Microsoft tech, Socialite captures activity on WhatsApp (and other social apps) in real-time. Then it uses contextual archiving and analytics to flag sensitive messages. It allows you to be part of the conversation, and spot problems and opportunities early

How does it crack end-to-end encryption?

WhatsApp recently rejected UK government requests to access data. So naturally, IT professionals are wondering ‘how on earth does anyone get access for compliance and security purposes?’

The answer is employee opt-in. WhatsApp data collection under new regulations is about employee privacy too. Actiance are compliant by design, and their app is already way ahead of the GDPR curve because it builds ethical walls from the inside out.

  1. Build culture and awareness

New technology plays an important role in shaping the new compliance landscape. But it’s attitudes to data privacy and security that are really changing. Training and awareness is now key, and including all employees in discussions from the outset will encourage buy-in.

Ultimately, the message to drive home is this: data belongs to individual, and needs to be protected for this reason. Focus on creating a culture of compliance, risk control and security around data. But (crucially) one that’s open and collegial too.

Work with workforce trends for best business outcomes

Despite shadow IT being feared not long ago, it’s gained traction to reflect Gartner’s predictions for 2017. To be proactive and future-proof, managers must work with workforce trends, not against them, no matter what their instincts say.

Blogs,Compliance, Governance and Resilience,

10th January 2018

Isobell Lawrence

back to knowledge hub