Today’s employees use increasingly diverse numbers of tools to reach out to colleagues and clients. Messaging applications like WhatsApp , WeChat, Signal, Telegram and LINE have become part of the way that employees do their day-to-day interactions with clients. They are easy, build relationships and customers are comfortable with them. Additionally, corporations are embracing BYOD policies. With BYOD, employees bring their own phones and these phones migrate with them from job to job. Fewer roles provide a “corporate phone”.
This became particularly true when Covid-19 shifted workplaces to home working scenarios. Front-office employees still had to engage with clients when face-to-face wasn’t an option. In the absence of corporately endorsed messaging platforms, employees turned to their personal messaging accounts to communicate with clients. WhatsApp, WeChat and increasingly Signal and Telegram accounts became the place where business conversations are held.
What are the risks of BYOD and messaging?
There are some significant challenges, particularly around security, with employees deploying their own accounts to conduct workplace messaging.
Unknown and invisible
Conversations on personal messaging applications are invisible to corporate systems. When an employee conducts a business conversation on a personal messaging application, an employer has no way to record, monitor or audit that conversation. This puts employee and employer at risk for security issues, governance and regulatory mandates and in some instances privacy concerns.
Enterprises have no visibility into who has shared what information with whom and in what jurisdiction. This can create security concerns if information is shared with a competitor or malicious actor. Additionally there are regulatory issues if that person does not have the right to have that information.
As employees deploy their own solutions to the issue of instant conversations with clients there are concerns around Shadow IT. Shadow IT is when employees or teams install applications without the knowledge or consent of the IT department. In fact research suggests that more than 26% of companies have no visibility into even the basic level of applications on phones used for work.
Messaging applications, as part of communications, would fall within the remit of the IT team. If the IT team doesn’t have visibility of an application, they cannot support it, protect it or standardize it across the enterprise. In some cases one team could use one application and another a different application. This can cause additional admin challenges for the IT team.
Applications that are not visible or supported by the IT team can be security risks as there is no guarantee of their provenance, their quality or their own encryption or security.
Not all apps are equal
There are a lot of messaging applications on the market. From large providers like WhatsApp and WeChat, to up and coming providers like Signal and Telegram. There are also more geographically specific players like LINE and each day sees new start ups. Not all of these applications are enterprise grade – particularly in their security.
Obviously, many are perfectly acceptable for everyday consumer use. However, enterprises, especially those in regulated industries have higher security and governance needs. It is vital, particularly in regulated industries like banking and finance, to ensure that any application that is used or deployed has enterprise-grade quality and security to safeguard the organization.
Disparate and non-productive
Swapping between different applications for different communications with different customers is not a sustainable or productive way to communicate. What starts as an easier way to communicate can quickly snowball to a productivity blackhole. Employees must remember that customer X likes to talk on WhatsApp while customer Y prefers Signal. The act of switching between and managing communications across these multiple acts takes the employee away from tasks they could be doing. It may sound like a simple thing but potentially an employee is managing upwards of ten customers and is having multiple conversations each day. This time adds up. As does the requirement to transfer that information into corporate systems.
Whose eyes are on your phone?
If an employee has a conversation on their personal messaging account – particularly given BYOD policies – what happens to those conversations when that employee leaves? Firstly, conversations on personal accounts are rarely recorded to corporate governance or audit systems. So, if any customer record is incomplete, an audit is required. Secondly, if an employee leaves or if they lose their phone, those conversations and customer data and any content is no longer within the enterprise’s control. IT cannot remotely wipe the handset or lock, particularly given the popularity of BYOD policies.
Employees also often do not have enforced biometrics on their phones. While PIN numbers have gained popularity, iris scans, face scans and fingerprint locks less so. Particularly in the face of Covid and the requirement to wear masks in many geographies. PINs can be easily hacked if an employee loses their phone. Whereas biometrics much less so.
Safe messaging platforms and channels
All this makes the deployment of messaging applications at an enterprise seem unsafe. In fact there are ways to embrace messaging applications securely and safely.
A centralized platform like LeapXpert’s Federated Messaging Orchestration Platform provides employees with a way to communicate from a single, secure environment.
With one environment that can communicate to multiple messaging applications, IT teams can securely control their application stack. They also protect the information that flows in and out of organization, monitor who sends what information and has what conversations. All in real-time. This puts the enterprise into a more secure, proactive position to enable employees and clients while maintaining regulatory and security control.
Organizations can set up security processes like Data Loss Prevention to prevent data and content from leaking from the organization either on purpose or accidentally. This prevents data that is not suitable for external audiences or should not be shared between or by specific parties from being sent over messaging applications.
With central control they can revoke access to the Leap Work application if an employee loses their phone. This prevents access or control of any data or customer interactions with any corporate systems. They can also implement additional security controls to access the application.
With a centralized approach, it is also possible to ensure that a robust security system is put in place to protect and defend the organization from any form of attack.
LeapXpert’s FMOP unifies different messaging applications and collaboration tools into one single, centralized application. This unified experience resolves the productivity challenge for employees. They no longer need to switch between applications, all information is in one central place and seamlessly connect to other business-critical applications. Enterprises have a single, unified platform for employees. They can monitor all business messaging communications in real-time from this environment with alerts should there be a protocol or process breach.
Embracing messaging applications – not so scary
An enterprise that provides employees with a way to communicate securely and safely over messaging applications is forward-thinking. Embracing messaging applications is the future of work, not just remote work. However, enterprises must ensure that they consider how to balance their BYOD policy, their employee privacy, their regulatory concerns and security requirements. With these in balance, employees and clients can move forward with a sense of confidence.
Talk to LeapXpert about how to embrace messaging applications and enable your employees.
Interested in learning more about messaging applications and enterprises read our blog on the problem of employees using personal devices at work.