By Barry Cashman, VP UK&I, Veritas Technologies
Financial regulators in the UK are now quizzing banks on their employees’ use of personal, private messaging channels such as WhatsApp and iMessage.
This follows the news that 16 banks were fined $1.8bn in the US after staff were found to be using private communications apps and channels to discuss business deals.
Employees using private messaging apps to conduct official business isn’t anything new. After all, we have seen members of parliament here in the UK questioned over their use of such channels for government business.
But there are major concerns for businesses and public sector organisations as this type of behaviour opens up a whole host of challenges such as control, compliance, and increased cyber risk such as ransomware attacks.
Whilst popularity remains for communication on these personal, private apps, how can businesses accept it is going to happen and take the necessary steps to maintain some control?
Risky Business
Despite their convenience, using these channels to discuss business deals and sharing sensitive data poses a major compliance risk for many organisations. The pandemic is believed to have triggered an increase in the use of messaging, collaboration, and video-conferencing tools as they gave organisations a semblance of ‘business as usual’. But what may have been implemented as a substitute for inter-employee meetings, quickly spun out to cover all sorts of different business interactions that were never intended to take place on these platforms. Veritas research found that almost three-quarters of employees admitted to sharing sensitive and business-critical company data on channels such as WhatsApp, text or Zoom.
This leaves organisations open to a whole host of dangers, from data loss to non-compliance, as well as to ransomware threats.
Overcoming the employee choice
The challenge for financial service organisations now is that the genie is out of the bottle and action is needed. The workforce knows that the best way to reach their colleagues and clients is very often to hit them up on whatever messaging app they may have on their phone. Telling them to stop can feel like the business is shackling their productivity and a blanket ban will often simply push the use of these messaging services underground. And that makes compliance and security even harder to manage.
It’s time for businesses to take back control and tackle this risk head-on.
Recognising the risk and communicating securely
If businesses want to move forward without hampering productivity by accepting the use of newer channels but also recognising the risks, what can they do?
The answer is to learn to treat these messaging platforms in the same way that we treat more established methods of communications. Collaboration and messaging tools should be incorporated into the same eDiscovery and data backup policies that we have for email.
Financial services organisations need to change the mindset from “find and stamp out the use of messaging tools” to “find and protect the use of messaging tools”. This will empower users to maximise the tools without putting the business at risk. Empowering staff to use what they prefer can after all, yield better performance results.
Incorporating these communications tools also improves visibility across the whole communications estate, enabling the IT team to identify risks that the network could be exposed to through these tools. Including cloud communications platforms is crucial in identifying problems quickly and isolating them before damage to data can spread. In other words, identifying a breach quickly and preventing damage is the priority.
In terms of compliance, knowing where data is held and protecting it is much more straight-forward when it is centralised and conforms with the company’s data management protocols. As the movement towards using different newer communications channels evolved organically, many institutions have not caught up with this trend. Hence being caught out and fined. However, the technology is available to prevent this from happening in the future.
To avoid regulatory fines, financial institutions may opt to restrict the use of these private messaging applications. However, trying to control employees is this way is not conducive to creativity, agility, and best performance. It limits businesses from embracing new opportunities.
The key is in fitting technology to people – not the other way around. To get the best from their employees, banks, and other regulated organisations need to move with the times – but do so safely, by ensuring that their supervision solutions can span all the communications channels that their staff are using.
