WhatsApp's imminent privacy policy update - understanding the risk


Used by 3 million companies worldwide, and after experiencing a bumper year in 2020 – with a 40% uptick in usage during the early months of the Covid-19 pandemic – WhatsApp is firmly positioned as one of the most used and relied upon instant messaging apps globally.

WhatsApp is cited and praised by personal and business users alike for its end-to-end encryption and perceived strong privacy, and is often seen as the go-to communication tool within the workplace, especially for mobile-dominant employees and businesses.

But after the company announced earlier this month that it would be implementing changes to its privacy policy imminently, although it subsequently opted for a slower rollout of these changes over the coming months, the question of how WhatsApp will share data with parent company Facebook has caused a flurry of concern among users. And amid this concern, there's been a surge in demand for alternate messaging services such as Telegram and Signal.

The rise in popularity of these alternative, privacy-centered communications tools poses a new challenge to businesses. While some of these messaging apps, such as Signal, are billed as more secure than their traditional counterparts, there is still a need for industry and IT professionals to review and understand the security features inherent in these apps and how the apps may be utilized within their firms, and to ensure that they are accounted for within risk management plans.

The changes to how businesses and employees are using communications and messaging tools come at a time when businesses are already grappling with the challenges of working from home, which has given rise to legitimate concerns about the potential security gaps or breaches inherent in the widespread use of apps or cloud-based software outside the purview of traditional IT departments.

With WhatsApp’s privacy changes on the horizon, a renewed interest in alternate messaging services, and the challenge of how to manage and evaluate the risk of shadow IT, it is crucial for business owners across all industries to re-evaluate their internal processes and practices for optimizing privacy and security.

This is of particular, pressing importance to the financial and legal industries that must monitor and log business-sensitive communications not just for peace-of-mind, but to comply with global industry regulations.

So, how can business leaders ensure that the highest standards of privacy and security are being upheld across all levels of their organizations?

Understand the risk

As more and more people rely on apps for a variety of business and personal needs, considerations around what data is stored and shared, and how, are often overlooked. And as some high-profile data breaches have shown in the past few years, even multi-national companies with sophisticated apps can fall victim to external hacking threats.

The challenge, therefore, as a business leader or IT professional, is how to have full confidence in the transparency and security of apps that all the employees within a business are using. This is difficult at the best of times – but widespread working from home has necessarily increased accessibility to a whole host of additional apps for employees, many of whom are likely to move seamlessly between business and personal use. This makes it harder still for business leaders and IT departments to have complete knowledge of all the apps used by employees across the business, and of the potential vulnerabilities that come with them.

The first step for organizations in understanding the security risks that various mobile apps pose is to conduct an app security assessment. This is imperative in helping to identify and evaluate the threats and potential vulnerabilities within the apps used by everyone across an organization, in any industry.

Once there is a deeper level of understanding of the company-wide use of mobile apps, and their associated risks, a firm is then in a position to develop a strategy to secure mobile devices, protect data, prevent potential security breaches that could threaten brand reputation, and meet industry compliance requirements.

Crucially, this knowledge of potential threats and vulnerabilities can help firms develop a proactive approach to securing their data and devices, instead of waiting for a vulnerability or leak to surface and having to deploy emergency measures to mitigate the damage.

Manage the risk

There are a number of solutions for businesses looking to secure their mobile messaging tools for optimal privacy across business communications and operations.

Despite the ongoing threats, some firms, their users, and their clients may decide not to relinquish WhatsApp as a core messaging tool. What these firms require is the flexibility to conduct business matters through familiar messaging apps, without compromising on security. 

To mitigate the risks associated with company-wide use of popular messaging tools, mobile capture apps can offer an additional layer of security to mobile communications by capturing all voice and text messages in real time. While recording messages through a mobile capture app is useful within a variety of business settings, it is especially pertinent for legal and financial industries. As such apps demonstrate, critical business conversations must be accounted for and easily retrieved not only to ensure the smooth running of internal business operations, but also to adhere to global industry compliance standards.

For advanced privacy and complete protection of personal information on any device, businesses have the option of professional alternatives to WhatsApp. BBM Enterprise (BBMe), for example, uses unique end-to-end public/private encryption and signing keys for the ultimate in secure messaging. And to ensure that personal information is protected, firms can look to messaging apps that require only an email address and no additional personal details, like a mobile phone number, for sign up.

Steve Whiter, Director, Appurity

Steve Whiter is director of Appurity, a company that deploys solutions for critical mobile security services across all verticals.