Close
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Menu
eWEEK.com
Search
eWEEK.com
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Applications
    • Applications
    • Cybersecurity
    • IT Management
    • Mobile
    • Networking

    Why You Shouldn’t Use Personal Messaging or Email Apps for Business

    By
    WAYNE RASH
    -
    March 26, 2019
    Share
    Facebook
    Twitter
    Linkedin
      Whatsapp.security

      Over the weekend, we received word that Rep. Elijah Cummings (D-MD), who chairs the House Oversight and Reform Committee in Congress, had sent a letter to the White House regarding the use of a private email account by presidential advisor Ivanka Trump to conduct official business. The letter also asked about the use of the WhatsApp messaging app by advisor Jared Kushner to conduct sensitive diplomatic communications with people outside the U.S.

      According to multiple news reports, the recipient of some of Kushner’s messages was Saudi Crown Prince Mohammed bin Salman, the same Saudi official who ordered the killing of Washington Post journalist Jamal Khashoggi. The fact that Kushner uses Facebook’s WhatsApp to communicate official business is giving security experts within the government and elsewhere nightmares.

      Why? First of all, WhatsApp messages aren’t part of the official White House messaging infrastructure, and that means that they aren’t being preserved as required by the Presidential Records Act. Kushner’s lawyer has told the committee that Kushner sends screen shots of the messages to his official White House email, but as a number of officials have noted, that doesn’t preserve the entire communication.

      WhatsApp is Encrypted, but That Doesn’t Mean the Message is Safe

      But a worse problem is the security. While WhatsApp is encrypted end to end, it’s a commercial app intended for use by consumers. It has no means of protecting the communications on either end of the line. In any case, being encrypted isn’t the same thing as being safe. After all, WhatsApp is owned by Facebook, a company for whom security and privacy are, at best, theoretical concepts.

      On the other end of the line, cracking mobile phone security is a major industry in the Middle East, and some of that activity is operated under the auspices of the Saudi government. How hard would it be for a Saudi government official to install malware that affects both ends of the messaging link?

      So what does this have to do with you? Actually, a lot. Even if your company doesn’t deal with highly classified information, you still have information you don’t want to be made public. In addition, you may find yourself in a situation in which your communications are legally binding, such as when you agree to a purchase using email.

      Just as in the case of the White House, you don’t want to find out that one of your employees used an insecure messaging platform that enabled a breach. Likewise, you don’t want to find out that your executives’ private discussions were sharing a messaging service with the babysitter.

      Legal Consequences a Major Factor

      If you’re engaging in some activity that’s got a legal consequence, such as negotiations for a merger, an HR situation or even an order for paper for the copier, you want to make sure you have a copy of that communication.

      The way to accomplish this in business depends on whether you let your employees use their own phones and computers. If you provide those for the employees to use, then you can take charge of the applications that are installed on their devices. You can also lock down the device so that employees can’t add applications, which will make it less convenient to use things like WhatsApp.

      On the other hand, if your organization has gone fully into the BYOD world, then you’re going to deal with a more complicated problem. Since you don’t own the device, your control over the apps that are installed is limited. In this case, your best chance is in the realm of HR policy.

      Your rule forbidding the use of personal messaging for company business may not prevent its use, but it will give you some recourse if your employees ignore the policy and use it anyway. For example, you may want to make it a matter of policy that the employee is personally responsible for financial transactions conducted outside of official channels. Then you can control the outcome when they submit their expenses.

      Consider the Nature of the Infraction First

      It’s important to the nature of the infraction. For example, an employee setting up lunch with a prospective customer over a Facebook Messenger account isn’t exactly an egregious failing. But using WhatsApp to tell their friends about company activities probably is a policy violation.

      The best way to handle this issue is to make it easy for your employees to follow the rules. For example, make sure that their company email will work from their mobile device in addition to their computer at work. Set clear guidelines for the use of messaging and social media when it involves the company, and include a description of the consequences if your employees don’t follow the rules. Then enforce the rules.

      While you can use the right technology to determine whether employees are using social media or a messaging app from the company network by using an NG firewall, it may not be worth the effort. Your employees can bypass your firewall by simply turning off WiFi on their devices.

      Instead, help your employees comply with your policies by providing them the means to follow them and by educating them on how to accomplish that. Like everything else in security, it helps a lot if your staff is working on your behalf.

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      CHRIS PREIMESBERGER - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      CHRIS PREIMESBERGER - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      EWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Big Data and Analytics

      How NVIDIA A100 Station Brings Data Center...

      ZEUS KERRAVALA - November 18, 2020 0
      There’s little debate that graphics processor unit manufacturer NVIDIA is the de facto standard when it comes to providing silicon to power machine learning...
      Read more
      Apple

      Why iPhone 12 Pro Makes Sense for...

      WAYNE RASH - November 26, 2020 0
      If you’ve been watching the Apple commercials for the past three weeks, you already know what the company thinks will happen if you buy...
      Read more
      eWeek


      Contact Us | About | Sitemap

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Property of TechnologyAdvice.
      Terms of Service | Privacy Notice | Advertise | California - Do Not Sell My Info

      © 2020 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×