In today's technologically advanced age, the boundaries between our professional and personal lives are blurring. This shift is largely due to two interconnected trends: the rise of Bring Your Own Device (BYOD) policies in workplaces and the increasing use of mobile messaging apps for business communication. While these developments offer undeniable benefits such as increased efficiency and reduced costs, they also present unique compliance challenges that need to be addressed.
This article will delve deep into these aspects, exploring how businesses can compliantly harness the power of these emerging technologies without compromising security or privacy. We will unpack how it is possible to allow employees to use tools like WhatsApp natively on their own device with little IT overhead or user friction.
Mapping Innovation at the Device and App Level
A January 2022 report by Security Boulevard, a US-based media company, found that 59% of enterprises were using BYOD to enable mobile workers. IT organizations are motivated to move to BYOD primarily because of cost savings. Instead of purchasing and maintaining company-owned devices, companies can offload the cost of device procurement, maintenance, and upgrades to employees.
Employees love BYOD, meanwhile, because it allows them to use the latest device innovations in a form factor that they are already familiar with and prefer, leading to greater satisfaction and productivity.
Innovations aren't just happening at the device level; they're also happening at the app level, driving the popularity of apps such as WhatsApp as a business tool. Messaging apps have evolved beyond text-based communication, providing users with a wide range of ways to better engage with customers. Multimedia content such as photos, videos, GIFs, and stickers makes for richer conversations. In-app voice and video make it easy to interact with clients by enabling users to make audio and video calls directly from the messaging app.
Additionally, group messaging has become an essential feature, allowing users to set up groups, add participants, and have group conversations to quickly answer questions. These innovations are driving results, as experienced by a large global pharmaceutical company that switched from email to WhatsApp for outreach to healthcare professionals:
- Created wider engagement with a 98.4% opt-in rate for company communications
- Boosted open rates by 34% for sales messages
Mobile innovations are driving employee productivity and corporate results. But here’s the thing: they can be a double-edged sword if compliance programs don’t keep pace with them.
The Compliance Conundrum
With mobile messaging outperforming email for client engagement, it's easy to see why employees might use it even if it's not sanctioned.
Regulators caught up to this reality and found this type of “off-channel” communication pervasive in the financial services industry – to the tune of more than $2 billion in settlements over the last two years with a dozen global financial firms. These companies cooperated with the investigation by gathering communications from the personal devices of a sample of the firms’ personnel. Most phones were the property of senior and junior investment bankers and debt and equity traders. It was found that, in some cases, the supervisors and senior executives responsible for ensuring compliance with the firms’ communications policies themselves violated those policies.
So how can companies sanction mobile apps to compliantly harness their power? It isn’t an easy task.
This industry sweep has highlighted:
- Capturing employee chats in WhatsApp and other consumer mobile messaging apps adds a new BYOD wrinkle at the app level.
- EMM (Enterprise Mobility Management) solutions allow personal devices to be used for work by creating a virtual container on the device that is managed and secured by corporate IT.
- The use of personal apps for work creates a dilemma both for the worker and their employer, because the app resides outside of the enterprise-managed container.
- If the app is managed by the company, it raises privacy concerns for the employee since their work and personal lives intersect.
What is the Solution?
Many IT organizations consider two options when confronted with this new challenge:
- Adding a mobile app such as WhatsApp for Business to the enterprise container. This sounds simple at first glance, but it adds complexity and overhead to the company’s BYOD program, since a virtual phone number must now be associated with and maintained for the BYOD container, with an added recurring monthly charge for the service.
- Returning to providing employees with company-owned devices, which many might consider to be a step backwards in their mobility strategy. One such approach, often offered in lieu of BYOD, is called CYOD, or Choose Your Own Device. CYOD gives employees a pre-selected range of devices to choose from for work purposes. This limitation can lead to dissatisfaction among employees who have personal preferences for specific devices. IT organizations prefer a limited range of devices because supporting more device options increases support complexity, since each pre-selected device needs to be supported, managed, and updated.
The good news? There is a third option.
SafeGuard Cyber offers the option of using tools like WhatsApp natively on the employee's device with little IT overhead or user friction.
In this approach, employees opt in via their personal WhatsApp accounts. No agent is required. Instead, the user receives an email requesting authorization to monitor their account via the scan of a QR code. Once authorization is granted, the SafeGuard Cyber platform begins collecting messages directly from WhatsApp via a software integration that is transparent to the user.
The native WhatsApp experience is unchanged for the user and their privacy is protected because only business-related messages are processed via SafeGuard Cyber’s unique Selective Processing and Archive feature.
SafeGuard Cyber captures all WhatsApp messaging including deleted content, texts, emojis, GIFs, file attachments and metadata. However, Selective Processing and Archive only supervises and archives sessions that involve known business contacts identified within the SafeGuard Cyber platform. Messages within a session between the employee and an unknown person or group are ignored and discarded.
This approach ensures that employees retain the native WhatsApp experience while the enterprise is able to supervise the WhatsApp conversation and meet recordkeeping requirements. This is accomplished while respecting employee privacy, preventing user friction, and without causing IT burden.