Messaging Apps: Three Important Considerations

19 September, 2016 by Ouriel Weisz

With corporate espionage, hacking, and cyber-terrorism increasing each year, your organization needs a secure messaging app. Gone are the days when large-scale breaches of cyber security required support at a national level. Today, a quick Google search or how-to YouTube video can give anyone with enough motivation and a basic understanding of technology the tools to hack into your most sensitive data.

The business landscape is dynamic and staff must be capable of coordinating their activities (in ever-changing conditions) with speed and security. In a world where face-time is a luxury, email is the enduring standard. Common alternatives are SMS/text messaging (considered direct and reliable) and messaging apps.  While messaging apps are a feature rich and perfectly satisfactory means of communication, they risk introducing serious security vulnerabilities.

Email can be used to all but hand-deliver viruses to each computer and device on your network. Hackers can easily spoof emails so they appear to be from legitimate sources. This can lead to sensitive information being revealed by unsuspecting employees, or to detrimental actions being taken as instructed by the fraudulent message. The ability to forward or archive an infected exchange spreads the threat rapidly. Every employee with an email account is a security weak point.

Text messages can be forwarded just as easily as an email. Even with diligent training and competent staff, the transmission method for text is vulnerable to interception by readily available technology.  For example, a small device called a femtocell can be used to read text, data, and voice transmitted messages over cellular networks. Another concern is what happens when your data reaches its destination. Often your messages are stored for a period by law, offering more potential exposure points.

Messaging apps offer all of the advantages of text messaging as well as robust features like video chat. Most claim to be a secure and modern alternative to text messages but often they can fail to deliver fully on the security front.

Fortunately, there are a few apps that do take privacy very seriously and are worthy of attention. It is not the purpose of this article to promote any brand in particular. Instead we want to offer advice concerning the three most important features to consider when researching a secure messaging app for your company:

  1. User-Friendliness: This may sound relatively unimportant when considering security, but an app—no matter how secure—that no one uses, is completely pointless. Your employees must feel unburdened by the experience, or they will opt out and turn to a potentially less secure alternative. The likeliest candidates will be the most familiar: email and text.
  2. Device Encryption: Many apps boast of their encryption abilities . The truth is most only encrypt your data while it is in transit. Once sent or received, your messages are vulnerable to prying eyes. Additional device encryption is critical. This is not true some of the most popular messaging services who store the keys either in the cloud or on the app maker’s servers. Since you do not own the encryption keys, the creator of the app, your internet service provider, or someone with a femtocell and time at their disposal, could view your message.
  3. Control of Message: When a message is sent you want the ability to control how that message is viewed and shared. Without the option to prevent a receiver from sharing or saving a communication, your information is at someone else’s mercy.

It’s also worth remembering that a company-wide messaging app will inevitably be used by everyone working collaboratively as a group. It follows that any adoption of a new messaging app should ideally be the culmination of a group decision!