It doesn’t happen often, but there have been a few times when someone has sent me sensitive information over a messaging app because they believe it is safer. Also, when I worked in a typical office setting, it was expected that employees would communicate via messaging apps for real-time conversations, rather than use the phone or chat face-to-face, which was deemed too disruptive in a cubicle world.
Are using these messaging apps adding another layer of risk to your business information? Quite possibly, according to research from Infinite Convergence Solutions and 451 Research. That’s because employees are using unsecure messaging applications to communicate with each other, with nearly three in four employees using consumer messaging apps for business purposes. Yet, nearly two-thirds of organizations have done nothing to create security policies around their use.
You can almost sense that this is a major security breach waiting to happen, simply because it is so under the radar. How much have you talked about the risks involved with sending private messages through Facebook or WhatsApp or other messaging software?
And how much of this communication is happening on personal phones and tablets used as BYOD? The study also found that 70 percent of employees use smartphones for business purposes and messaging is the top activity for employees using a smartphone for business purposes.
A problem, as Anurag Lal, CEO and president of Infinite Convergence Solutions pointed out in a formal statement, is BYOD security policies aren’t keeping up with employee behavior:
The rise of BYOD policies in the workplace was intended to make employees communication easier and more efficient, but company policies haven’t evolved over the years and are much too lax given how ubiquitous mobile devices have become.
How widespread is mobile messaging? According to a study by the International Committee of the Red Cross, 2.5 billion people use messaging apps global and that number is expected to jump by another billion by next year. I’m a big proponent of messaging. I like the immediacy and that I can conduct conversations in situations where talking on a phone or emailing just won’t do. Clearly, I’m not the only one who feels this.
Messaging in the workplace isn’t going to stop, especially if your organization allows BYOD. So what can you do to make it more secure? Setting messaging-related policies is a big first step, such as only allowing approved messaging apps or ensuring that mobile devices meet security protocols. Encryption of the messages is another option. Of course, that’s easier said than done, Adam Preset, research director at Gartner, told CIO:
Many CIOs welcome the rise of encryption protocols in consumer messaging apps, but their concerns don't end at "send" and "receive." The terms and conditions of consumer apps don't favor enterprises, and, in the best case, information transmitted within those apps is owned by the individual.
As Raul Castanon-Martinez, senior analyst, Workforce Collaboration with 451 Research, said in a formal statement, there is a lot of discrepancy between the rate at which employees are increasingly using mobile messaging and how well companies are regulating and securing this usage. What is your company doing to make messaging more secure?
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba