Security considerations when using messaging tools for business

Firms go to great lengths to protect their business information when it comes to physical security. Try wandering into company offices and you’ll likely be denied access unless you have an up-to-date access card. Visitors need to check-in at the front desk and be collected by an employee at reception. But those rigorous protocols don’t always extend to every aspect of business communication. And one of the weak links can be the use of messaging tools, which can put company data and operational information at risk – depending on the solutions that firms provide for their employees.

Secure enterprise messaging developer NetSfere points out that mobile messaging has become key to workplace collaboration and customer engagement. Messaging platforms speed up the process of getting crucial information from colleagues and clients and are much more convenient to use than traditional digital tools such as email. But the messaging platform ecosystem that’s arisen today has a variety of origins. And solutions have been created to serve different markets, and this is where issues for business users may creep in.

NetSfere estimates that unsecure consumer messaging apps are used by 70% of employees, which could inadvertently put sensitive business data at risk and compromise privacy. To understand why, it’s worth considering the core elements of an enterprise messaging system and contrasting those with free apps or software that comes bundled with other services.

Using messaging tools for business

To keep company data and operations across an organization safe from prying eyes, IT teams require business messaging platforms that enable role-based user authorization – giving fine-grained admin control – and prevent unauthorized access. Control panels should be feature-rich with relevant analytics to give companies a heads-up on suspicious activity so that security teams can take prompt action. And, naturally, all traffic should be fully encrypted to keep confidential information (and any revealing digital breadcrumbs) hidden from competitors.

“We do all this without collecting user data,” Anurag Lal, CEO at NetSfere, told TechHQ. “Even my engineers cannot decrypt what’s being sent across our platform.” NetSfere’s enterprise customers pay a fee to use the system, generating revenue for the tech firm that’s been active in mobile messaging since the 1990s. But what about consumer solutions that allow users to send messages and make audio and video calls for free?

How do developers monetize their services in the absence of subscription revenue? And what are the security considerations when firms use those consumer apps as business messaging tools? Business customers need to pay attention to the small print and understand that signing up to free tier services could expose them to information mining. “Data is the new gold,” warns Lal.

Vendors will be quick to highlight that conversations and message exchanges are end-to-end encrypted, but what about other data that’s being collected? Looking at the developer information listed on managed software repositories such as the Google Play Store can help business messaging users understand what kind of details are of interest to providers.

For example, while neither WhatsApp Messenger, nor Slack claim to share data with third parties, Microsoft Teams is listed as having details that may be shared with other companies or organisations. And things become more revealing when you scroll down and look at the types of data that apps may collect from devices.

WhatsApp Messenger, Slack, and Microsoft Teams are all listed as collecting personal info, location info, financial info, contacts, app activity, app info and performance, and device or other ids. In addition, both Slack and Microsoft Teams are listed as collecting messages, photos and videos, audio, and files and docs. And Microsoft Team is reported as gathering calendar events too.

Satisfying enterprise security needs

In comparison, to emphasize the difference of using tools that have been built to appeal to the security needs of business messaging users, NetSfere’s app – again, based on Google Play Store information – neither collects nor shares any user data. And it’s the same story when looking up NetSfere on Apple’s App Store, which reports that the developer does not collect any data from this app.

Another important aspect when considering messaging tools for business users is control. How easy is it to revoke access to conversation threads on tools used for business messaging once employees have left the organization? And can sensitive information be removed from devices?

By hosting business messaging exchanges on consumer platforms, firms could unwittingly put sensitive information into the hands of competitors if there’s no central control on the company side over who has access. Today it’s commonplace for staff to work for multiple employers throughout their careers. And personal smartphones can, over time, become a jumble of proprietary details unless workers have access to dedicated business messaging tools.

AI-powered features

What’s more, enterprise tools increasingly have AI-powered security tools baked in too – for example, to reveal suspicious sign-ins and other behavior that looks unusual such as different credentials coming from different parts of the world. And by operating in a closed system, firms reduce their risk of falling victim to phishing attacks, which continue to disrupt business operations.

Investing in dedicated business messaging tools for staff will save companies in the long run and shows that organizations are serious about security and protecting their intellectual property. Clients too will appreciate the attention to detail and being seen to use security-focused messaging platforms could give firms the edge when it comes to winning new business.