The repercussions associated with insecure messaging platforms
By Anurag Lal, CEO, Netsfere
With the risks and repercussions associated with under-the-radar online messaging now rising inexorably for corporates, the time has come for clear, clinical action. Indeed, it is now nothing short of a business-critical imperative and for more reasons than many enterprise leaders may conceive or appreciate.
For a mobile application that arrived and rose to mass popularity thanks largely to providence, the humble text message has been a central medium for communication since the day it was first launched. In fact, I would go as far as to say the mobile message is, literally, everywhere it can be, used universally by everyone who has a phone.
But as has been the case with countless other technologies that first gained traction and then almost universal adoption, trouble has inevitably followed.
The trouble with consumer-grade messaging platforms
And unfortunately, it is getting worse. A quick search of the word ‘WhatsApp’ on the BBC website, for instance, illustrates precisely some of the increasing problems we are seeing.
“Mersey PCs sacked over abhorrent WhatsApp messages”
“Met Police: Ex-officers admit sending racist WhatsApp messages”
“Health board staff shared patient data on WhatsApp”
These headlines appear alongside others of a similarly sobering nature.
Major investment banks face huge fines
More commercial, but no less sobering, is an indirectly related story: electricity regulator Ofgem recently censured Morgan Stanley for breaching energy trading rules.
Not so unusual, one might think. This is hardly the first time a well-known investment bank has been caught teetering on the compliance line, or crossing it in some way for that matter. Also, the misdemeanour for which the bank was reprimanded – some of its traders having used WhatsApp on their private phones to discuss various deals – appears on the face of it to be fairly innocuous.
Consider, however, that the resulting fine amounted to £5.41m ($6.9m) and might have been as much as £7.7m, and it’s hardly a shock that other similarly tightly regulated players are now swallowing hard and thinking long and carefully about their messaging practices. Could any of our employees be sharing content that could harm the business? Are we sure? And could we, or should we, do anything about it if they were?
All of which makes some of Ofgem’s accompanying comments about the fine interesting.
Specifically, the regulator noted that while Morgan Stanley did have policies in place to prohibit staff from using WhatsApp for communicating about certain aspects, it didn’t “take sufficient reasonable steps to ensure compliance with its own policies and the requirements of the regulations”.
Why these platforms have risen in popularity
Unfortunately, at the time the bank was essentially powerless to take those “sufficient reasonable steps”, even had it tried. That’s because WhatsApp is incredibly popular. And so are many other similarly prevalent but unregulated consumer-grade messaging platforms. Everybody uses them, so everybody wants to use them. That includes all manner of corporate users – a great many senior executives among them – who stubbornly continue to favour these consumer-grade messaging platforms over the comparatively slow, featureless applications they are so often offered by their organisations.
In today’s escalating threat landscape we are seeing more and more high-profile cases of major organisations falling operationally and financially foul of hidden and unforeseen security and compliance breaches.
Now, there might exist a rare breed of enterprise that isn’t, or doesn’t need to be, concerned about its data. Or security. Or compliance. Or the possibility of facing millions of pounds in fines. Or major reputational damage. There are others that maybe don’t have shareholders to keep happy. Or stakeholders. Or C-suites.
There will also be those for whom turning a blind eye to unchecked messaging, data exchange, and content sharing is an acceptable risk if it means keeping their employees happy and their commercial cogs oiled and operating at pace.
Finding a suitable, secure alternative
However, for the vast majority of enterprises, maintaining robust security postures and processes across every aspect of their operations while blindly allowing employees to share information and content on insecure messaging platforms is a lot like installing a portcullis and putting bars across all your windows but leaving the front door wide open.
Enterprises need a better secure messaging platform. A platform that offers users all the facility, scale, speed, flexibility, and features of the likes of well-adopted consumer-grade platforms but with a truly secure backbone that protects the enterprise at every turn. Truly secure enterprise messaging.
The risk of simply keeping quiet and carrying on regardless is now prohibitively steep – and make no mistake, it is getting steeper.
Protecting corporate value
At this point it is worth considering the question of why regulators are resorting to imposing such enormous fines. Of why these consumer-grade platforms are increasingly becoming such major targets for cyber criminality. Of why the perpetrators of all this cyber criminality – and indeed the messaging platforms themselves – are mining, interrogating, and exploiting user data of every variety. Extremely successfully.
Because there is enormous insight and value in it. Value that corporates could and should be extracting for their own ends. Value that secure enterprise messaging could, among its other benefits, lock in for them. And them alone, for competitive advantage and continued innovation. As well as ensuring that they don’t get fined or penalised by the regulators or become a victim of a well-publicised data breach.
So, while the humble text message has done rather nicely for itself, now’s the time to secure it, as it has proliferated in communication across the corporate environment, and who knows what corporate messages are being shared with the outside world – I shudder to think!