BYOD, Employee apps and security – risk and reward

Employees, BYOD and messaging

Today’s employees use increasingly diverse numbers of tools to reach out to colleagues and clients. Messaging applications like WhatsApp , WeChat, Signal, Telegram and LINE have become part of the way that employees do their day-to-day interactions with clients. They are easy, build relationships and customers are comfortable with them. Additionally, corporations are embracing BYOD policies. With BYOD, employees bring their own phones and these phones migrate with them from job to job. Fewer roles provide a “corporate phone”. 

This became particularly true when Covid-19 shifted workplaces to home working scenarios. Front-office employees still had to engage with clients when face-to-face wasn’t an option. In the absence of corporately endorsed messaging  platforms, employees turned to their personal messaging accounts to communicate with clients. WhatsApp, WeChat and increasingly Signal and Telegram accounts became the place where business conversations are held. 

What are the risks of BYOD and messaging?

There are some significant challenges, particularly around security, with employees deploying their own accounts to conduct workplace messaging. 

Unknown and invisible

Conversations on personal messaging applications are invisible to corporate systems. When an employee conducts a business conversation on a personal messaging application, an employer has no way to record, monitor or audit that conversation. This puts employee and employer at risk for security issues, governance and regulatory mandates and in some instances privacy concerns.

Enterprises have no visibility into who has shared what information with whom and in what jurisdiction. This can create security concerns if information is shared with a competitor or malicious actor. Additionally there are regulatory issues if that person does not have the right to have that information. 

Shadow IT

As employees deploy their own solutions to the issue of instant conversations with clients there are concerns around Shadow IT. Shadow IT is when employees or teams install applications without the knowledge or consent of the IT department. In fact research suggests that more than 26% of companies have no visibility into even the basic level of applications on phones used for work.

Messaging applications, as part of communications, would fall within the remit of the IT team. If the IT team doesn’t have visibility of an application, they cannot support it, protect it or standardize it across the enterprise. In some cases one team could use one application and another a different application. This can cause additional admin challenges for the IT team.

Applications that are not visible or supported by the IT team can be security risks as there is no guarantee of their provenance, their quality or their own encryption or security. 

Not all apps are equal

There are a lot of messaging applications on the market. From large providers like WhatsApp and WeChat, to up and coming providers like Signal and Telegram. There are also more geographically specific players like LINE and each day sees new start ups. Not all of these applications are enterprise grade – particularly in their security. 

Obviously, many are perfectly acceptable for everyday consumer use. However, enterprises, especially those in regulated industries have higher security and governance needs. It is vital, particularly in regulated industries like banking and finance, to ensure that any application that is used or deployed has enterprise-grade quality and security to safeguard the organization.

Disparate and non-productive

Swapping between different applications for different communications with different customers is not a sustainable or productive way to communicate. What starts as an easier way to communicate can quickly snowball to a productivity blackhole. Employees must remember that customer X likes to talk on WhatsApp while customer Y prefers Signal. The act of switching between and managing communications across these multiple acts takes the employee away from tasks they could be doing. It may sound like a simple thing but potentially an employee is managing upwards of ten customers and is having multiple conversations each day. This time adds up. As does the requirement to transfer that information into corporate systems. 

Whose eyes are on your phone?

If an employee has a conversation on their personal messaging account – particularly given BYOD policies – what happens to those conversations when that employee leaves? Firstly, conversations on personal accounts are rarely recorded to corporate governance or audit systems. So, if any customer record is incomplete, an audit is required. Secondly, if an employee leaves or if they lose their phone, those conversations and customer data and any content is no longer within the enterprise’s control. IT cannot remotely wipe the handset or lock, particularly given the popularity of BYOD policies.

Employees also often do not have enforced biometrics on their phones. While PIN numbers have gained popularity, iris scans, face scans and fingerprint locks less so. Particularly in the face of Covid and the requirement to wear masks in many geographies. PINs can be easily hacked if an employee loses their phone. Whereas biometrics much less so.

Safe messaging platforms and channels

All this makes the deployment of messaging applications at an enterprise seem unsafe. In fact there are ways to embrace messaging applications securely and safely.

A centralized platform like LeapXpert’s Federated Messaging Orchestration Platform provides employees with a way to communicate from a single, secure environment. 

With one environment that can communicate to multiple messaging applications, IT teams can securely control their application stack. They also protect the information that flows in and out of organization, monitor who sends what information and has what conversations. All in real-time. This puts the enterprise into a more secure, proactive position to enable employees and clients while maintaining regulatory and security control.

Safe Practices

Organizations can set up security processes like Data Loss Prevention to prevent data and content from leaking from the organization either on purpose or accidentally. This prevents data that is not suitable for external audiences or should not be shared between or by specific parties from being sent over messaging applications. 

With central control they can revoke access to the Leap Work application if an employee loses their phone. This prevents access or control of any data or customer interactions with any corporate systems. They can also implement additional security controls to access the application.

With a centralized approach, it is also possible to ensure that a robust security system is put in place to protect and defend the organization from any form of attack.

Unified approach

LeapXpert’s FMOP unifies different messaging applications and collaboration tools into one single, centralized application. This unified experience resolves the productivity challenge for employees. They no longer need to switch between applications, all information is in one central place and seamlessly connect to other business-critical applications. Enterprises have a single, unified platform for employees. They can monitor all business messaging communications in real-time from this environment with alerts should there be a protocol or process breach. 

Embracing messaging applications – not so scary

An enterprise that provides employees with a way to communicate securely and safely over messaging applications is forward-thinking. Embracing messaging applications is the future of work, not just remote work. However, enterprises must ensure that they consider how to balance their BYOD policy, their employee privacy, their regulatory concerns and security requirements. With these in balance, employees and clients can move forward with a sense of confidence. 

Talk to LeapXpert about how to embrace messaging applications and enable your employees.

Interested in learning more about messaging applications and enterprises read our blog on the problem of employees using personal devices at work.

Ready to Leap your business?

    LeapXpert Insights?
    Follow us on Linkedin

    To find out what LeapXpert is doing right now, to learn about our news and plans, and to discover more information on how our FMOP can resolve your business communication problems, follow us on LinkedIn today.
    Catch up on our business news and achievements, explore and follow industry articles.
    FMOP
    Business messaging is a huge pain point for many organizations. At this point, putting the business messaging ‘cat’ back in the bag isn’t going to work. Customers demand the ability to communicate with companies using messengers. So what’s the solution? A Federated Messaging Orchestration Platform (FMOP).
    Read more
    Compliance
    Messaging apps are a preferred method of communication for clients to contact stockbrokers. However, being hit with a $5 million fine for not being able to keep client communications when using instant messaging is a hefty price to pay.
    Read more
    Compliance
    On Jan 22, 2020 Bloomberg announced that the use of Telegram for conducting a business deal was why the court was ruling in favor of Hyundai Motor Securities Co, costing Yuanta Securities Korea Co. ~USD $12.6 million. The Seoul Central District Court has ruled that conversations held via Telegram are not binding contracts.
    Read more
    Data ownership
    Having client poaching employees is the last thing any small business owner worries about. But just one single employee managed to cause an overnight loss of 20% in business income. Believe it or not, instant messaging can be a prime cause of client poaching.
    Read more
    Compliance
    Enterprise messaging is about more than just ensuring a consistent tone and message to your customers. It means giving your employees the right tools to respond quickly to customer requests. From compliance issues and loss of configuration control to reduced security and loss of business, there are many reasons why businesses need to implement a company wide separate enterprise messaging app.
    Read more
    Data ownership
    The privacy rights of employees are under threat from the most basic of workplace communications. Using supposedly safe, encrypted systems is putting personal information at risk, as there is no right to employee privacy on messengers once work topics appear. How can both employees and employers tackle this difficult issue?
    Read more