Using WhatsApp for work? Be aware of the risks.

Published On: 29.03.2019Last Updated: 30.06.2022Categories: Critical communications


WhatsApp in workplace communication

WhatsApp is the most popular instant messaging service with its 1,5 billion monthly users. At the time of writing this article, it can be found on most users’ phones in Europe. WhatsApp is a very handy tool, and for the most part it’s reasonably secure as well, as long as you have the correct settings selected. The messages sent and calls made through the app are encrypted and WhatsApp doesn’t store messages on their servers without permission from the user. In terms of information security this is enough for most individuals. When using WhatsApp to facilitate instant messaging in a corporation or other organization, however, there are some issues that can prove hard to tackle. For example, just one person having the wrong settings in their app even for a while can result in all of the conversations he/she is part of being stored on WhatsApp’s servers unencrypted. You might see how this can be problematic, and the biggest hurdle for many organizations is called the new General Data Protection Regulation, or in short, GDPR.

GDPR and instant messaging apps

The European Union’s General Data Protection Regulation came into effect on May 25th, 2018. It brought with it several changes to the way organizations need to handle personal information of European citizens. With the GDPR in effect, many instant messaging apps became virtually unusable, or at least extremely problematic to use for organizational messaging. The GDPR guarantees several rights for individuals, including:

  • The right to access and control information stored about them
  • The right to have information about them corrected (rectified) upon request
  • The right to have their information erased
  • The right to be informed about information stored and possible compromization of stored information

The regulation itself is quite clear and following it is quite straightforward in most cases. However, many instant messaging apps pose a problem in organisational use. If, for example, an employee stores contact information of clients on a company phone and uses e.g. WhatsApp on the same phone, all of the contacts are probably already stored on WhatsApp’s servers. In addition, if just one person has message backup option turned on, all of the conversations he/she is part of are stored on the WhatsApp servers as well.

In addition to issues regarding the storage of data, using a common everyday instant messaging app for organisational communications makes it easy for people to start unsupervised group chats that are in no way controlled or monitored by the organisation itself. This easily leads to a multitude of problems, not just regarding the GDPR.

One example of such a problem is a mishap that occurred in a Swedish police department in 2014. They started a group chat in WhatsApp the aim of which was to reach each other more easily during the day. There was no intention to use the chat for official purposes or to handle classified information. However, less than an hour after the chat was started, there was already a civilian person invited to the chat by accident, as well as classified information being shared, including personal information and images of criminal records. If this happens in a relatively small police department, what is the usage like in larger, less critical organizations?

Secapp solves the issue

When developing Secapp, great care has been put into making sure it complies with the latest regulations and is as robust and secure as possible while also providing a familiar and comfortable feeling user experience. Along its other key features, Secapp can also serve as a simple and secure instant messaging platform for your organization. Here are a couple of reasons why it might be the solution for you:

  • Familiar instant messaging look and features
  • Centralized management of contacts
  • All of the information handled stays in your control at all times
  • End-to-end communication encryption as well as the option to encrypt the sent content itself
  • Possibility to erase information from users’ devices remotely

If you know that WhatsApp or other similar instant messaging app is used at your workplace, be aware of the issues and threats mentioned in this article, or even better, contact us for an easy and secure solution that’s very easy to implement. We’ll be glad to help.

You will move now to the Secapp Finland web page!!
You will move now to the Secapp Finland web page!!