Office culture is changing rapidly. Many companies now allow employees to use group messaging apps like iMessage or WhatsApp to talk to one another. It's a new and largely unregulated medium. The odds are that it's just a matter of time before careless employee chat habits leave companies open to cyber attack, costing them their jobs and possibly their bosses' jobs too.
Mistakes happen
There can be no doubt that group collaboration and messaging is a more productive and immediate way for disparate teams of colleagues to communicate and consult with one another than email. For many people it's already second nature to chat with family and friends in this way. And while the majority instinctively understand the need to moderate their conversations when in the workplace everyone is human. Mistakes happen. And one small mistake may be all that cyber criminals need to launch an attack using ransomware or links to fake websites.
In a recent study of employees by a Washington-based policy research group and security company McAfee more than half of those surveyed had witnessed scam emails or suspicious links while at work. Many also admitted to risky habits like using the same password for different work applications (23%), writing down passwords (17%), working while connected to public Wi-Fi (16%) and accessing social media at work (15%).
WhatsApp Gold
Judging by the way employees are still making these basic security errors using conventional office technology we shouldn't expect things to be any different for mobile messaging. Hackers are already up to their old tricks, targeting chat apps with malware as in the recent WhatsApp Gold scam.
WhatsApp Gold is an example of the new "hacks and cracks" targeted at mobile phones and apps. Fake applications fool mobile users into download and installing them on their device. This allows the hacker to take over the end user device and any personal data on it. Due to its popularity WhatsApp is a particular favourite of hackers. Indeed there are many thousands of WhatsApp IDs for sale on the Dark Web if you know where to look. You can even rent a WhatsApp spam server capable of sending up to 200,000 messages a day.
Struggle for control
Businesses would do well to brace themselves for the first group messaging breach. It doesn't take much of a stretch of the imagination to envisage what might happen if unsuspecting employees thought the boss was sending them instructions similar to those in fake CEO email scams asking them to pay a bogus supplier or provide confidential information. UK businesses appear to be a particularly attractive target for cyber criminals. According to PwC, about 55% of UK businesses have been attacked over the past two years, compared with a global average of 36%.
All this presents bosses with a dilemma. How can they prevent the business or even themselves paying a heavy price for the mistakes of others? After all in the climate of greater regulatory vigilance following Brexit, not to mention the arrival of GDPR in 2018, it won't be long before failure to comply starts costing people a lot more than it does today in terms of financial penalties and inevitably in terms of jobs.
Take back control
WhatsApp and other consumer chat apps are well below the standards required for business. First, there is no central management to help you understand who set up a group and with whom. Without such visibility it is easy for a business to lose sight of who is and who isn't in company group chats.
Second, there is no means of ensuring the privacy of sensitive or confidential information or of demonstrating compliance for auditors. Furthermore WhatsApp stores all messages on the device so they can be accessed or shared long after an individual's employment has ended.
Group chat in the workplace is a ticking time bomb and employers need to act quickly to take back control. For example you may want to consider using a secure messaging and collaboration platform. The latest ones blend the familiarity of consumer-apps with centralised IT administration for control, full encryption for maintaining privacy as well as give you your own keys to access the data. This allows the business to prove compliance to the auditors should they need to.
In conclusion, the increasing popularity of group chat apps in the workplace has introduced a new business risk that is outside the IT department's control. While they are a great productivity tool, helping teams quickly share information and collaborate easily with one another in real-time regardless of location be sure to check their business credentials before allowing them a foothold in your company. Consumer chat apps are already targeted by cybercriminals and unless you can take back control it won't be long before the business is held to account - most likely along with those in charge.