The use of messaging apps has become a part of daily life in many workplaces – but sharing sensitive data poses a major compliance risk for organisations
A leading bank recently made headlines for hitting its bankers with large penalties for conducting official business through messaging apps, such as WhatsApp. Staff will take a hit to their salary or bonuses, depending on the punishment, to pay off their fines.
However, experts are critical about whether this will solve the problem and deter staff from using non-official communication channels.
The use of non-official channels to communicate about business matters isn’t new. In recent years we have seen politicians criticised in the media for messaging on apps that make it difficult to track a trail of communication regarding official business matters. The use of messaging apps has become a part of daily life for many people and it would seem that they are also a popular choice for work communications purposes even if they may not be compliant.
The security threats of messaging apps
Despite their convenience, using these channels to discuss business deals and sharing sensitive data poses a major compliance risk for regulated organisations. The pandemic is believed to have triggered an increase in the use of messaging, collaboration and video-conferencing tools as they gave organisations a semblance of ‘business as usual’.
But, what may have been implemented as a substitute for inter-employee meetings, quickly spun out to cover all sorts of different business interactions that were never intended to take place on these platforms. Veritas research found that almost three-quarters of employees admitted to sharing sensitive and business-critical company data on channels such as WhatsApp, text or Zoom. This leaves organisations open to a whole host of dangers, from data loss to non-compliance, to ransomware threats.
Improving visibility across communication channels
The challenge for financial service organisations now is that the genie is out of the bottle. The workforce knows that the best way to reach their clients is very often to hit them up on whatever messaging app they may have on their phone. Telling them to stop can feel like the business is shackling their productivity and a blanket ban will often simply push the use of these messaging services underground. This concealment makes compliance and security even harder to manage. It’s time businesses take back control and tackle this risk head-on.
It’s time businesses take back control and tackle this risk head-on
Coming to terms with risk and re-establishing control
If businesses want to move forward without hampering productivity by accepting the use of newer channels but also recognising the risks, what can they do? The answer is to learn to treat these messaging apps in the same way that we treat more established methods of communication. Collaboration and messaging tools should be incorporated into the same eDiscovery and data backup policies that we have for email. Financial services organisations need to change the mindset from “find and stamp out the use of messaging tools” to “find and protect the use of messaging tools”. This will empower users to maximise the tools without putting the business at risk. Using what they prefer can yield better performance results.
In addition, incorporating these communications tools will also improve visibility across the whole communications estate, enabling the IT team to identify any potential risks posed by the use of messaging apps. Including cloud communications platforms is crucial in identifying problems quickly and isolating them before damage to data can spread. In other words, identifying a breach quickly and preventing damage is the priority.
Centralising data and following company protocols
When it comes to compliance, centralising data and following company protocols makes it much more straightforward. However, protocols don’t always align with being efficient for employees. As technology has evolved, some organisations have failed to keep up and employees are left using tools that haven’t facilitated them to do work in the best way they see fit.
While prioritising compliance may lead to businesses limiting the use of different technologies, this can also limit opportunities. Instead, to meet both compliance requirements and improve operations amongst staff – incorporating new communication methods into data management strategies can mitigate the associated risks. This calls for financial institutions to actively engage with new technologies to remain compliant whilst keeping up and being innovative.
This piece was written by Barry Cashman, VP UK&I, Veritas Technologies
