The COVID-19 pandemic has placed added pressure on enterprises to leverage every digital tool they can. People are isolated and working from home, with their internet-connected devices their only connection to the outside world. Now more than ever, businesses that want to effectively reach customers need all the tools in the digital toolkit.
Until recently, businesses didn’t have to worry about WhatsApp. It was just something friends used to exchange the odd message. This has rapidly changed. WhatsApp has become so ubiquitous that it now has over 2 billion users. Inevitably, it has shifted from being only a personal tool to being a professional tool. With this expansion, and with the sudden shift to remote work, WhatsApp enterprise security has become a crucial issue.
Five-million small businesses have integrated WhatsApp into their core strategies, according to Adweek. And due to its cheap pricing and simplicity, the platform has become the default business communication channel for emerging markets such as Brazil and India. The testimonies are numerous and varied. For example, a clothing outlet in Brazil achieved a 10% monthly revenue growth once it allowed 80% of its orders to move through WhatsApp.
In healthcare and pharmaceuticals, WhatsApp is an invaluable way for professionals to quickly communicate with patients or suppliers – and in some regions, the only way to garner a response. In fact, 90% of doctors in Brazil use WhatsApp, forgoing traditional business channels like phone and email.
In short: If you want to do business in emerging markets, your teams need to be able to use WhatsApp.
Businesses are understandably rushing to leverage the power of WhatsApp, especially with the social distancing brought on by the COVID-19 pandemic. But to remain secure and compliant, they need to get their WhatsApp enterprise security stance right. Here are the four foundational steps to get started:
1. Employees Must Opt-In to Oversight
Overseeing employee WhatsApp use begins with security and compliance teams gaining visibility into communications. WhatsApp’s native end-to-end data encryption means that gaining this oversight requires some technical output. But before companies begin to protect employee WhatsApp channels to make sure all their messages are safe from malicious links and compliant with company policies, they need a firm opt-in policy.
WhatsApp isn’t like someone’s company-assigned email. WhatsApp is where we conduct a lot of our personal and private lives. Employees assume that no-one, and certainly not their boss, can see into their WhatsApp messages. This is why WhatsApp enterprise security needs to start with full transparency. Companies should explain to employees why and how they intend to monitor their WhatsApp communications. They should proactively offer them solutions to any apprehensions about privacy. An obvious one is offering a separate work SIM card for their professional WhatsApp-ing that they can swap for their personal SIM when they’re not at work.
However the WhatsApp enterprise approach is structured, employees have to be in the loop, and they have to have opted in to having their messages scanned for company policy violations. Ethically and legally, this is the only play.
2. You Need Total Visibility
Once employees have opted in, and understand that all their WhatsApp activities are being vetted, companies need to achieve and maintain absolute visibility into all WhatsApp interactions. This is the only way that security and compliance teams can be sure they are catching any and all potential digital risks. An employee might be sending hundreds of WhatsApp messages a day. It isn’t enough to catch and check half of them. An issue could be lurking in any of the hundreds that weren’t scanned.
The challenge is that scanning every message and every interaction is a big ask. The velocity of digital communications is exponential. Data from one of our own pilot programs shows that 13 healthcare reps in Brazil generated 2,400 messages in 14 days. That means the country’s entire field force of 450 reps would generate over 178,000 messages every single month. Human teams cannot keep up with communications at this scale; or, more accurately, the amount of dedicated people you’d need to keep up with it all is simply not viable. Instead, you need help from AI.
Using machine learning, a dedicated digital risk solution can centralize all relevant accounts into a unified WhatsApp enterprise risk management hub. Having the view from a single, unified platform empowers businesses to gain complete, real-time visibility into WhatsApp enterprise communications. Issues can be flagged automatically and instantly; remediation can occur right away.
3. You Need Policy Customization
Every industry and every business experiences different digital risk pressures. Each enterprise has to keep an eye on a different set of regulations and make sure that everything they are doing is compliant. At the same time, each enterprise has their own set of internal policies and standards that they need to adhere to. For every company, this combined policy set is complex, subtle and unique to different regions.
In short, a one-size-fits-all solution won’t work. Staying secure and compliant isn’t as simple as catch-all solutions like scanning for a certain word, or banning images. The approach has to be flexible and customizable. When establishing WhatsApp enterprise security protocols, companies need risk management solutions that let them compose and customize their policies, and then quickly apply them across the full bandwidth of communications. Companies need to be able to constantly update, tweak, and renew these policies. They need these policies to tie seamlessly into an automated alert management system.
4. The Technology Needs to be Scalable
It’s no good having a WhatsApp enterprise security stance that works great at your current company setup, but will experience strain in two months’ time. The scale and speed of WhatsApp communications is only going to grow, and more people are going to be using the platform for work purposes. This means you will be having more and more employees opt-in to your WhatsApp enterprise security model, and this means more and more communications to track. More messages. More complex policies. More scanning.
Once again, only an AI-powered, centralized, dedicated platform can offer the scalability required here. The most effective tools are built with baked-in scaling powers, so that the core tech can handle any feasible uptick in communications – enabling you to extend your security policies to channels unprotected via traditional perimeter security. Older, perimeter-based tools cannot offer this, and humans could never keep up.
WhatsApp is here to stay. Enterprises will eventually be unable to resist the pressure to add the messaging platform to their toolkit. But out the box, the platform is a black box, creating a security and compliance nightmare. Smart companies should establish a WhatsApp enterprise security model now, so that they are prepared to seize future business opportunities from slower competitors.
June 2, 2020
SafeGuard Cyber Team