WeChat Work (or WeCom) is the dominant collaboration platform in mainland China. In the US, the collaboration space is led by Slack, Microsoft Teams, and one or two other tools. In China, there is really only WeChat Work. Any company seeking to do business in the country needs to onboard, leverage, and secure this platform.
WeChat Work is built on the foundations of WeChat, China’s leading digital platform. The collaboration tool boasts over 130 million active subscribers, and 5.5 million enterprises use the platform (including Walmart, Bank of China, and Cartier).
However, like WeChat itself, WeChat Work presents enterprises with a range of security and compliance risks. These risks are unique to the WeChat platform ecosystem, and unique to the geographical setting of China. Safeguarding against these risks requires security tools that can cope with the volume and velocity of modern collaboration tools, and which are tailored to the nuances of the Chinese digital economy.
Case Study: Learn how a global asset management firm
empowers compliant adoption of WeChat
The Cyber Risks of WeChat Work
In our recent survey, we found that 57% of organizations see internal collaboration platforms as the tech stack presenting the biggest security risk. These organizations are right to be concerned. Collaboration platforms like WeChat Work present risks for a number of reasons:
- They play host to an extremely high volume and velocity of communications. Even a mid-sized WeChat Work instance will see hundreds of messages shared back and forth every day.
- Any one of these messages could contain an external threat, such as:
- A phishing link, a malicious file, spoofed domains or profiles, or another form of threat.
- Equally, any one of these messages could contain an internal and/or compliance-related threat, such as:
- The start of a data leak, customer communications that breach government regulations, harassment, or another HR issue.
- The speed of communications makes manually monitoring for these threats impossible.
- Even if manual monitoring were possible, security teams lack the visibility to see into their WeChat Work instances.
China-Specific Collaboration Considerations
These considerations are fairly common to all collaboration tools. However, WeChat Work brings with it a variety of considerations that are unique to the platform, and unique to it’s Chinese setting. Here are a few things to consider:
- WeChat integration worries. WeChat is so prominent in China that Chinese consumers don't trust a brand that doesn't use it. WeChat Work, though a separate application, is designed to be interoperable with its WeChat mother platform. This makes it very efficient to use, as staff can easily tap into existing contact databases, and blend internal operations with external outreach and customer contact. However, it also means that security and compliance issues can quietly move from a WeChat instance into a WeChat Work
- Poor encryption. WeChat Work possesses no end-to-end encryption security feature. More so than with many other tools, bad actors can access and retrieve information found on the platform. On the whole, what happens to data inside the WeChat ecosystem is a mystery. This is a real problem for security teams seeking to prevent data leakage.
- Regulatory concerns. China has a tightly controlled digital ecosystem. It is likely that all information shared on WeChat, or WeChat Work, is open to government access. As a result, companies without full visibility into their employee interactions are putting themselves at risk of violating China’s censorship laws.
- Weak content controls. WeChat Work’s content controls are underdeveloped. WeChat team members can easily post unauthorized/ungated content and share it with unauthorized parties via insecure channels and networks. These challenges are exasperated by the WeChat integration covered above.
- Weak group controls. China has a very large population, and WeChat groups are often very large. Managing groups and accounts can be a challenge, especially when there is an extremely high chance of people within the same WeChat team or group sharing the same name. It’s a challenge to ensure that the right people have the access to the right account, information, and conversations.
- The language barrier. China is home to hundreds of local dialects; business exchanges within the WeChat Work platform can span different languages, and present a challenge for teams looking to monitor and vet conversations.
A WeChat Work Security Checklist
With this exposure to various cybersecurity and compliance risks, companies can't rely on WeChat Work's default security measures. They need a robust, bespoke cybersecurity solution to fully cover them from known and unknown threats that stem from use of the WeChat platform.
The right solution must offer the following features, and provide the following protections:
- 100% visibility. Teams must be able to monitor all of the communications and interactions occurring on their WeChat Work Their security tool should monitor all communications, around the clock.
- Automated detection of threats. Teams must be able to implement custom policies, and then receive instant alerts when a potential threat is detected. A centralized dashboard should show all interactions and immediately sends alerts.
- Full coverage of message content. The right security platform should be able to scan text, but also vet all links, files, even GIFs and emojis. Comprehensive data capture- captures all sorts of content, including deleted content, audio files, images, emojis, etc.
- Full archiving and record-keeping. WeChat offers no archiving. For audits and compliance purposes, companies using WeChat Work need to be recording everything that they do. Their digital risk protection platform should provide full record-keeping.
- Multilingual Support. Conversations in WeChat Work might move between Mandarin, Cantonese, smaller dialects, and international languages. Proper protection must provide coverage across all languages.
Securing Your WeChat Team
WeChat Work might be a little more opaque than collaboration tools like Slack and Teams. There are certainly unique challenges of the tool and its geographical setting that need to be met. However, with the right digital risk protection, companies can confidently implement WeChat channels for business within the dominant collaboration tool in China.
Guide: To read more about implementing
and securing WeChat Work, check out our full guide.