By Geraldine Osman, Vice President of Marketing at StaffConnect,
Employees are only human. They like to communicate with each other in convenient ways that fulfill their needs for connection and information—not just in their personal lives, but in the corporate environment as well. When communicating was mainly done via phone, fax, and mail, this reality didn’t generally expose companies to major security issues. Even as more advanced options like email and IM entered the mix, as long as employees only had access to corporate computers when handling company data, IT departments were still able to exert effective control and oversight—for example, by programming corporate email accounts to reject unauthorized attachments and limiting employee access to social media.
But with smartphones and consumer-targeted apps now in practically every employee’s pocket where they can be accessed from work as well as home, that’s all changed. While it’s certainly a good thing that your employees are engaging with each other through technology—across job functions as well as geographies—the type of application that your staff uses makes a huge difference when it comes to keeping the organization’s critical data secure, and avoiding preventable vulnerabilities to cybercrime. With employees now having independent access to everything that the Internet has to offer no matter where they are, the lines are becoming increasingly blurred between business and personal use.
Not All the Same
Another fact: consumer apps like Snapchat or WhatsApp, which many of your employees may currently be using to exchange information with each other, are not enterprise-grade applications. Since they are designed specifically for consumer use and not with business confidentiality in mind, their platforms aren’t secure enough to ensure the needed high level of data protection needed by organizations with sensitive data.
Take Whats App as an example: there has been ample evidence of the fact that the app’s security flaws can be easily infiltrated by hackers. Wired reported just last month that despite the app’s addition of encryption two years ago, research by cryptographers has proven that impostors are able to join “private” group chats, putting confidential data at risk. Other encrypted messaging chat apps, including Signal and Threema, were also found to have similar flaws that mean confidential chats aren’t really confidential. There are other security issues as well that have been widely identified with messaging apps including WhatsApp, such as:
- Web malware
- Unencrypted backups (messages may be safe during transmission but not while on an employee’s device)
- Facebook data sharing
- Encryption vulnerabilities (like the “severe” one that was reported on in The Telegraph last March based on a bug in the web version of the app)
- Privacy issues during chats, such as the user’s phone number being displayed
- Problems with former employees still being able to access groups they have joined via chat apps, which means they can still access company data
The fact is that when you allow employees to select their own messaging apps, you are unwittingly handing them the keys to your company’s data security—and your staff might not be locking the door behind them. When you relinquish control of what information can enter or leave your organization and where it can end up, you have no data protection. Personal and business use become so fused with these apps that it’s easy for someone to select the wrong person from their contact list and send the wrong recipient the wrong confidential file.
There are multiple dangers of using consumer apps in enterprise environments that go beyond security. When you fail to provide enterprise-grade communications tools to your employees—tools that are designed with enterprise use in mind—you are sacrificing a lot. You’re missing not only having all of the needed security layers in place for your business, but also all of the required interfaces and built-in reporting and analysis tools—in short, all of the exact features and benefits that enterprises need from an employee communications platform.
Your teams understandably want to communicate and keep in touch within the corporate environment—and they should. It helps your organization (and its engagement levels as well) to have in-the-loop employees who want to connect with the rest of the company. So how can employers keep their confidential data protected when their staff are turning toward consumer-targeted chat and messaging apps? How can administrators keep proper data protection controls in place to ensure that the organization’s sensitive information won’t be revealed—and its intellectual property won’t be threatened—when colleagues use a consumer messaging app to share confidential financial data or new product designs with unauthorized parties? In short, how can you minimize your risk while maximizing the company’s potential when it comes to employee communications?
The answer lies in integrating a secure enterprise-grade mobile internal communications platform, rather than leaving corporate security and employee communication to chance via random chat apps. Ideally, you should seek a platform that contains not just an interactive app but two additional interrelated secure elements: an intuitive management console and an inspiring success program.
Secure Expression, Single Platform
One way that this platform provides security is by ensuring that your entire workforce, whether they work in the field or the boardroom, are united on the same platform. No more random hodgepodge of insecure apps jeopardizing how your teams communicate internally and externally. Instead, all employees are empowered to engage securely with company communications while connecting with, and being inspired by, corporate goals.
With this secure mobile communications platform, employees can now express views and share knowledge across business-lines, titles, and geographies without putting sensitive corporate data at risk. A related benefit is that communicating like this also increases employee job satisfaction, loyalty, and retention, as well as customer satisfaction.
You may worry that a secure, company-approved communications platform won’t be as “sticky” for your staff as a consumer-targeted messaging app, but nothing could be further from the truth. In an enterprise setting, combining chat functionality with access to the company directory, for example, means that employees can communicate instantly with each other or to groups that they’ve joined through the app. This removes the temptation for employees to turn to insecure external apps like WhatsApp while also keeping all internal communications protected, transparent, and auditable. An enterprise-grade platform can also include push notification functionality, ensuring you can get messages in front of the right recipients immediately (and avoid the wrong ones) by sending data directly to their device.
Back in Charge
Empowering IT administrators is another feature of enterprise-grade communication tools that boosts security. Using a management console means that authorized administrators now have a simple tool for managing the entire platform. Added benefits for employers include having access to reports and dashboards that offer invaluable insights into employee engagement as well as the overall employee experience (EX). When paired with advanced communities, this functionality facilitates enhanced segmentation and targeting. Another benefit: by using surveys and quizzes built into the app, employees know that their feedback is being sought, appraised, and acted on.
Some enterprise-grade communications platforms even come equipped with customized consultations with domain experts to define internal communications strategy and ensure proper technology implementation, which can help ensure that employees know how to use the technology to help safeguard data. Such customized support can help convert employees into avid users of the app, steering them away from consumer-targeted options, while informing them about the importance of keeping personal and business communications separate.
We can never forget that employees are all too human and thus prone to potential security risks if they’re left to blend consumer apps with confidential company data. But when you provide them with the most secure enterprise-grade applications and tools, you can keep staff connected no matter where they are while ensuring true data protection.
Geraldine has over 20 years global marketing leadership experience in the technology sector, transforming companies like Barracuda Networks and Nexsan into recognized, worldwide brands and growing early stage start-ups into market-leading, successful companies.
Read online – https://thecybersecurityplace.com/care-data-security-dont-leave-employees-hands/