
Posted June 5, 2019

WhatsApp, Skype, Signal, Telegram, Messenger, Google Meet…

These are some of the major consumer messaging applications, which are unfortunately also used by organizations. They sit alongside internal collaboration tools and are largely beyond the control of IT. Their features and free availability make internal and external communication easier for employees. The major problem is that they fall well below the security standards that should be in effect in every organization. Would you like to stop using these consumer applications and ensure the sovereignty of your business information by choosing a B2B mobile communication solution? This article is for you.


Corporate usage of consumer mobile messaging applications

There are not always clear rules on the use of consumer applications in a business environment. Sometimes their use results from an IT initiative to help an employee who needs to communicate easily and quickly with an external party. But most often it is shadow IT, that is to say, adopted directly by employees without IT’s knowledge or consent. As a result, confidential business documents or conversation logs end up being hosted on WhatsApp/Facebook, Google or Telegram servers.




The popularity of these solutions can be explained by the number of services they offer. Not only is their user experience much better than traditional SMS, but they also allow users to send large files, including photos and videos, transfer information within seconds, and create internal or external discussion groups.

Some of these solutions claim to place security at the heart of their strategy, especially with end-to-end encryption.


So, why not use them?

Behind the marketing spiel, users are unaware of the technical and security reality that creates risks to the integrity and sovereignty of their data. Where is your data going and who really has access to it?



Risks generated by consumer messaging applications


Use of metadata for commercial purposes

B2C solutions are generally free and are therefore financed by the mass collection of metadata and its use for commercial and advertising purposes. Behind each message sent or document shared on these consumer messaging applications, there are several pieces of information that are often invisible to users: metadata. This can include data used to access contact lists, call logs or geolocation. Metadata plays a vital role in streamlining most of the services provided.

It also generates revenue when shared with third parties (advertising agencies, polling organizations…). Disclosure of this metadata for commercial purposes can potentially affect business confidentiality.

Finally, it can be leaked without your knowledge or even hijacked for criminal purposes (hacking, social engineering, espionage, etc.), exposing your company to financial risks (loss of reputation, loss of clients, GDPR fines).




Inadequate management of discussion groups

By definition, consumer messaging applications are open and not managed by an IT administrator.

They offer users the freedom to create discussion groups, exchange information, define the access rights of certain people to certain groups, and thus create a parallel organization that can lead to information leaks if IT cannot control them.

For example, in these discussion groups, nobody considers removing access for employees who have been terminated. They continue to see internal discussions, even months after they have left.

It should also be noted that these messaging applications are victims of their own success (WhatsApp now has more than 1.5 billion users). Phishing attempts aimed at gaining access to user credentials are numerous. A single successful attempt can allow an attacker to access the conversations of millions of employees and, thus, all the confidential data they include.


Weak communication security

B2C messaging applications sometimes emphasize communication security and encryption. This is true, but security protocols are often only partially implemented. For example, encryption is not always enabled by default, or is enabled only for individual conversations and not for group conversations.

As another example, WhatsApp stores conversation backups as clear text on its Google and iCloud servers.

Shared files are not always checked and may contain dangerous links or may be infected.

Finally, the security of these applications depends on the goodwill of their publisher. In addition, these applications are not always audited and certified by qualified and independent bodies. This is particularly true for Telegram and its proprietary encryption, an approach discouraged by all cybersecurity and cryptography experts.


Solutions available to businesses

In this context, B2B solutions have a lot to offer. Features are often similar to those enjoyed by users of consumer messaging applications, and they raise the sovereignty and security of your metadata and communications to unparalleled levels.

The business model of B2B solutions is based on the purchase of licenses. This is a prerequisite for a privacy by design approach.

Certain professional solutions take it upon themselves to ensure end-to-end encryption of all of your data. It is a good practice for reconciling the need to communicate effectively within your teams with the confidentiality of your business messages and conversations. In addition, certain vendors have the security of their solution audited, certified and qualified by independent and recognized organizations (e.g. ANSSI).

Instant communications, individual or group voice and video calls, instant file transfers… their security is transparent and functional on all terminals and networks. Whether your contacts use an iPhone, a PC, an Android tablet or a Mac, you are able to exchange confidential information smoothly.

In addition, administrators can easily manage user accounts, revoke unwanted members and access accurate usage statistics while respecting the private and professional lives of your employees.

Professional messaging solutions combine practical and necessary features. Your communications are always accessible, but they are protected by unique security protocols to ensure their integrity and sovereignty. Your confidential emails, such as discussions with your associates or colleagues, are protected, and user data cannot be extracted or used for commercial purposes.

While day-to-day communications with your friends and family can go through consumer solutions, it is important to be extra cautious when it comes to professional communications. With such risks as hacking, interception, eavesdropping, and fraudulent use of data, do not leave your smartphone open to hackers, cybercriminals, and ad targeting.