Consumer chat applications like WhatsApp are ubiquitous, easy to use, and free. They are a part of our culture today, and offer an instant communications tool tethered to the address book on our smartphones.
Business users have begun to use consumer chat applications as a real-time communications tool to get pricing, change forecasts and inform their employees in the field about company announcements and changes in the business. With 118 million smartphones to be sold in India in 2015, consumer chat apps are going to see a lot of use. For businesses, that represents a challenge.
The dark side: What happens to your data?
In the raging controversy around net neutrality, the essential privacy concerns for business users have been forgotten. Hidden in the legal mumbo jumbo of the "Terms of Service" of a consumer chat app are the following key issues. First, consumer applications cannot guarantee that conversations or files exchanged are confidential. Second, chats in applications like WhatsApp are not erased; they just become hidden and archived in the database of the app (including our status updates).
Companies have secrets they want to keep, whether it's because of regulatory issues, SEBI requirements, or patient confidentiality in the case of healthcare. Consumer chat applications are a ticking time bomb for business users. Security researcher Matt Zweerink was experimenting with WhatsApp to create a bot, and was shocked when he found out how it could be used to track other users despite their privacy settings. He wrote a detailed post about the problems he discovered, which is worth reading. Here's an excerpt:
Some random person could just try to subscribe to all WhatsApp users and retrieve their online/offline status, meanwhile a lot of WhatsApp users (like myself) would have thought my privacy was protected by these options! Imagine selling this information for marketing purposes, this just creeps me out. I don't want to retrieve a coupon on some drug that makes me sleep better, definitely not from some stranger (beside WhatsApp themselves)! Of course privacy is already a heavily discussed topic at Facebook and WhatsApp, but now when a complete stranger can know when I wake up is going way too far if you ask me.
Electronic Frontier Foundation weighs in on privacy
The Electronic Frontier Foundation privacy scorecard continues to rate popular secure messaging apps at a very low level. A recent study from the Electronic Frontier Foundation (EFF) puts into perspective how unsafe these messengers are and how they lack a secure form of communication. WhatsApp received a single star rating in a transparency and privacy assessment, not even meeting industry standards on the scorecard.
Business decision makers understand that we are moving from a mobile-first to a mobile-only workforce. Instant messaging is here to stay as a "must have" business tool that improves workplace communication. More and more CXOs are looking at deploying private business messengers across their organisations.
Instead of banning consumer chat messaging apps for business use, businesses should embrace messaging as part of a 21st-century mobile world. They should use it to drive productivity by carefully assessing new tools that combine the ease of consumer messaging with reliable enterprise technology and also offer data ownership, compliance and control, so that employees get the right information at the right time on the most ubiquitous device they own: the smartphone.
Here are six "must-have" security features to get workplace messaging right:
Simple/easy to use
If the app requires training and orientation, like many legacy enterprise tools, management has already lost the battle. It should look and feel like a consumer app.
Authentication and compliance
The tool must authenticate current employment with the company and therefore current access to company data.
In addition to encryption and privacy, it should include more modern technologies like one-time PIN login and protection against attacks, especially in the financial services and banking industries.
When an employee is terminated, newer technologies like remote wipe should be incorporated to ensure the terminated employee's app can be wiped of all company data in real time.
The business runs on transaction data, whether it's invoices, purchase orders or forecast reports. A business messenger should be able to integrate with internal applications to drive true productivity and data transparency.
Ownership of data
Companies need to ensure that ownership of the data contractually rests with the business, so that they can archive the data much as modern email archiving systems do.