Securing WeChat Will Help Leverage the Chinese Market
Here’s something you already know: The Chinese market matters. China accounts for almost a quarter of global GDP, and its expanding middle class has significant spending power.
However, China is also a unique economy and a unique information ecosystem. This landscape presents special digital transformation challenges. Global brands and companies targeting the Chinese market must learn to leverage WeChat – the country’s most important digital platform. In doing so, they need to safeguard their enterprise by maximizing WeChat security.
The Business Imperative of WeChat
WeChat is the biggest and most widely used digital platform in China, with over 1.2 billion monthly active users in Q1 of 2020. The app is far more than just a chat channel. WeChat is China's foremost application for social media, banking, eCommerce, business, information, customer service, brand reputation building, and just about everything else.
In short, if you want to do business in China, you need to be using WeChat. As Tony DeGennaro of Dragon Social said in a webinar on WeChat security, the platform is the country’s only real digital space “for building brand awareness… and driving consumer engagement… If your company has no WeChat account, it will drastically reduce the trust in your brand.”
As WeChat is China’s biggest digital platform, it’s little surprise that it is also a big arena for cybercriminals. According to a report by the Supreme People’s Court, WeChat was by far the most widely used digital application by scammers in 2019. Over 50% of online fraud incidents investigated by Chinese authorities were conducted via WeChat. Identity theft made up 31.52% of all WeChat scams, while internet fraud accounted for 17.67%.
Outside China, cybercriminals are continuously developing banking Trojans that mimic popular social media apps, including WeChat, to access and steal user information. A recent banking Trojan, Cerberus, is capable of stealing user privileges, and granting itself additional permissions without any user interaction.
The Digital Risks of WeChat
Like other cloud channels, WeChat is a black box. Without extra tools, enterprises cannot see what their employees are doing in WeChat. This lack of visibility makes effective WeChat security very hard, and opens the door to all forms of digital risk.
WeChat scams like those mentioned above typically start with ransomware attacks in the form of malicious links and attachments. Phishing attacks conducted over WeChat will usually involve some form of social engineering. When they can’t see into their employees’ WeChat instances, enterprises cannot take steps to protect them from these cyber threats. The likelihood is that employees at western companies are at special risk of cyber-attack, as WeChat-savvy bad actors regard them as naive and vulnerable users of the app. But when security teams cannot monitor employees’ WeChat activity, they are powerless to protect them.
This lack of visibility also opens the door to insider threats. Across industries, every single year, billions of private records are breached. Almost 90% are compromised via insiders, both malicious and accidental. WeChat has no end-to-end encryption security feature, and state-sponsored actors can easily access and retrieve information found on the platform. In general, users have almost no idea what happens to their data inside the WeChat ecosystem. This is an untenable situation for security teams seeking to prevent data leakage. However, at present, most companies haven’t implemented any special tools to monitor the flow of company data within the application, or rapidly remediate account compromises.
Finally, with WeChat, there are major compliance issues. Tencent, the company that owns WeChat, stated in an interview that WeChat servers are based outside China, and are therefore not subject to Chinese law. In reality, though, all information shared on WeChat is likely open to government access. Non-Chinese users located abroad are also visible. This state of affairs means that companies that don’t possess full visibility into their employee interactions are putting themselves at risk. They are in danger of violating China’s strict censorship laws and other regulations – regulations which can often be difficult to parse.
To protect against compliance risks and meet audit requirements, meticulous archiving and record-keeping are more important than ever, but WeChat itself offers no such service. Employees could be communicating in ways that expose them to compliance and cybersecurity risks, and not know it. The added complexity of WeChat’s multiple add-on programs makes this more likely. More so than with any other platform, companies on WeChat need to be recording everything they do. They need to adopt tools that enable them to do this, as soon as possible.
The Language Barrier
Another blocker to achieving WeChat security – a blocker that makes all the security challenges listed above more complex – is the language barrier. Enterprises need to monitor employee communications, and protect themselves from regulatory violations. They need to keep records of interactions, and safeguard themselves from threat vectors that present a risk of data leakage. This is hard enough to do with cloud channels in predominantly English-language markets. It’s even harder with WeChat.
WeChat supports numerous Chinese dialects, including the major ones of Mandarin and Cantonese. In many exchanges these could be fully or partially mixed in with other international languages. Any digital risk protection strategy aiming to achieve WeChat security needs to account for this linguistic reality – but this is a big ask. Achieving this security stance is required in order to properly audit conversations and capitalize on all business opportunities. But it is only possible with the right technology solution.
WeChat Security Requires the Right Tools
For many enterprises, WeChat encapsulates the challenges of modern digital transformation. Security, compliance, and legal teams are working hard to minimize their digital risk profile. However, KPI-based departments like sales, marketing, and customer service call for the adoption of new tools to further drive engagement, revenue, and growth.
Despite the WeChat scams, regulatory risks and so on, the platform is a must for enterprises looking to work in China. The SafeGuard Cyber platform is built to provide WeChat security without being a clunky app that gets in the way of a user. Policy frameworks can be ported across from other channel contexts with ease, and organizations can enroll all their WeChat accounts into the SafeGuard Cyber system for easy management, tracking, and purging. The platform is also capable of reviewing communications in all dialects.
With SafeGuard Cyber's TotalPrivacy mode, security teams can even review risk and compliance events without exposing the content of an individual’s WeChat communications. If you are interested in learning more about how our security solution and TotalPrivacy can protect your accounts on WeChat and other channels, please contact us and request a demo today.