Takeaways in this post:
- Enterprises have adopted the Telegram app for business purposes because Telegram is an agile communication tool with key features such as communities and file sharing.
- Despite the message encryption, Telegram for enterprise still poses security and compliance risks.
- Controls can help security and compliance teams protect end users, customers, and company systems from malicious payloads and regulatory compliance risks.
More companies are turning to mobile apps to get work done in ways that offer the least friction, especially since the beginning of the COVID pandemic. Among these, Telegram has been a favorite of disruptive financial services and cryptocurrency firms for its simplicity, speed, flexibility, and built-in encryption.
Telegram boasts 400 million monthly active users and very high engagement rates. The app also supports businesses with the ability to have groups of up to 200,000 users, with support for photos, videos, and files of any type. As a result, many companies have embraced the Telegram app for business ends.
A number of our customers here at SafeGuard Cyber are innovative financial firms and digital currency brokers that have embraced apps like WhatsApp and Telegram. These disruptive players adopt mobile apps faster than traditional banks, making them incredibly agile and responsive to clients. Telegram's features, ease of use, and amenability to developers have spawned an ecosystem of third-party tools, like Telefuel, that supercharge the cloud-based app into enterprise-level software for collaboration and client communication.
But Isn't Telegram Encrypted?
Telegram is widely considered to be one of the most secure messaging apps in the world, and its messenger security is a cut above the rest. However, even encrypted mobile chat apps are subject to security and regulatory compliance concerns. With the ability to host large groups (up to 200,000 users) and large file sizes (up to 1.5 GB), Telegram users remain vulnerable to spear-phishing, ransomware, and cyber-espionage attacks through link and file sharing, as well as the threat of data loss and compliance risks.
Malware, Cyber-espionage, and Spear-phishing
As with WhatsApp, these digital risks still threaten Telegram messenger safety. With groups that could include 200,000 people, it’s virtually impossible to know who’s who. Bad actors can easily infiltrate communities and drop malicious links and files. Incidents of stolen crypto wallets and secret surveillance of users have been reported. Without visibility and controls, it is difficult to monitor Telegram messages and detect signs of spear-phishing and cyber-espionage by bad actors.
Telegram’s 1.5 GB file size limit allows for more leeway in data sharing. However, it also means that larger, more sensitive files can be leaked. Bad actors or simply clumsy employees can leak, exfiltrate, and even accidentally delete much bigger amounts of data than with WhatsApp. This is why enterprises that plan to use the Telegram app for business need policies to stop data exfiltration and accidental sharing outside the organization.
Digital currency traders and financial service providers have seen the value of Telegram for enterprise purposes. However, theirs is a heavily regulated industry, and a lack of adequate controls can result in serious compliance risk exposure. Users may intentionally or accidentally share customer PII or engage in conversations that violate regulatory compliance. Because of this, customers have approached us and asked how to use Telegram for business compliantly and securely. We developed our solution to help them reduce these risks and ensure legal readiness by storing full conversations in a searchable archive with audit trails for every action.
Enabling Telegram App for Business Use with Robust Security and Compliance
In response to customer concerns about how to use Telegram for business, our platform now extends our award-winning security and data loss prevention capabilities to the Telegram app. Customers will now be able to:
- Capture Telegram content in real-time
- Apply security and compliance policies to ensure Telegram messenger security
- Automatically quarantine messages that pose data loss or compliance risks
- Scale protections to multi-regional deployments, regardless of language or regulatory differences
Example: Message quarantined automatically for DLP policy violation
In our recent Digital Risk Survey, more than half of senior IT and security professionals cited the use of unsanctioned apps as the biggest security and compliance challenge. We’re proud to give security and compliance teams a scalable solution to enable the Telegram app for business use as a sanctioned channel.
Through the end of the year, we're waiving service fees for Telegram licenses. Learn more about getting started with Telegram and ensure Telegram messenger safety with the SafeGuard Cyber platform.
January 9, 2021