WhatsApp Encryption is a Good Start, But Businesses Need More Security

11 April, 2016 by Ouriel Weisz

On March 31, WhatsApp announced that its communication services will be protected with “full end-to-end encryption” going forward — all calls, text messages, voice messages, documents, photos, and videos will only be accessible by the sender and receiver while third parties, such as cyber criminals, hackers, oppressive regimes, and even WhatsApp itself, will be unable to penetrate the conversations. It was likely developed in response to the recent Apple and FBI controversy, in which the FBI announced last week that it successfully unlocked the iPhone used by one of the gunmen in the San Bernardino terrorist shooting.

This feature is an impressive first step towards greater security, illustrating that there is a clear need in the market for secure messaging — as secure messaging professionals, we are happy to see WhatsApp using its massive and global user base to promote encryption and security.

Still, it’s important to note, that while this is a great start in a necessary dialogue surrounding security and encryption, businesses looking to protect their confidential information need more security features than just end-to-end encryption.

What Is End-To-End Encryption?

In simple terms, as WhatsApp describes in their blog post, end-to-end encryption ensures that only you and the person you’re chatting with can access your messages. WhatsApp writes, that each message is secured with a “lock” and only you and the person on the other side of the conversation are equipped with the “key” needed to unlock the contents and read them. So, no matter how sophisticated third parties are — including the FBI, for example — it is virtually impossible for them to decrypt and read your messages.  

What Does This Mean For Businesses?

Yes, WhatsApp is a consumer product, but it is often used by employees for business related purposes as well. In fact, according to a Nielsen study, 97% of employees use instant messaging services like WhatsApp to communicate with colleagues everyday, while 75% of those people explicitly share confidential work-related information.

Still, even with WhatsApp’s new end-to-end encryption feature, employees wishing to exchange messages and work related information should not rely on WhatsApp for several reasons.

It Still Breaches Compliance Regulations

First, many enterprise verticals (such as healthcare>, finance, law, and law enforcement) have compliance requirements that WhatsApp does not meet. On WhatsApp, for example, data can be deleted by users or discarded, however, most verticals require that companies save their data and confidential information. The silencing of the ‘man in the middle’ not only means that people outside your company can’t read messages, it also means your company itself cannot access it in case there is legal or security need, making monitoring and compliance impossible.

It is also important to note, that secure communications means more than just end-to-end encryption. NURO Secure Messaging, unlike WhatsApp, is not simply a consumer product — it’s built with the security of businesses and organizations in mind, offering an array of secure communications features. It provides end-to-end security similar to WhatsApp, but it also meets the compliance requirements of specific verticals, boasts a unique cognitive security feature, device security, and features an Admin Console.

The additional features by NURO is key to maintaining business security. If, for example, an employee’s device that contains confidential information is lost, ends up in the wrong hands, and can be accessed by the thieves, then end-to-end encryption on private conversations is not much help because all the un-encrypted conversations are available on the device to the user or the malicious attackers. It’s for this reason, that several other backup features must be put in place.

NURO’s Security Features for Businesses

    The Admin Console provides account managers with a control panel, permission management, cyber security analysis, and cognitive analysis. This feature enables organizations to recover communications easily without the need for complicated and preemptive backup procedures, in case employees lose their devices. In addition, this feature permits organizations to keep track of their employees’ conversations so that in case of abuse or malicious behavior by employees, organizations can audit conversations.

  1. Cognitive Security is a secure communications feature that is unique to NURO. NURO uses artificial intelligence and cognitive computing to analyze messaging patterns within an organization. It detects abnormalities, predicts and prevents security breaches before they occur. This feature is essential for businesses, especially considering that a majority of businesses today will be hacked at some point in the future.

Overall, WhatsApp is taking an important step in promoting the privacy of their users, but they are not the first to provide such as service, nor the last. The importance of this security upgrade is greater than meets the eye, it promotes public discussion and awareness for Encryption and Security in messaging. Nevertheless, Whatsapp remains a consumer app; the information shared and chats created are not connected to your corporate directory or any internal system, immediately turning it into a less productive and less secure solution for businesses.