WhatsApp_WeChat

Executive Summary

In the US and Europe, many enterprises rely on Slack or Microsoft Teams to facilitate internal collaboration. In Mainland China, companies use a different tool: WeChat Work.

Any company looking to run operations from within Mainland China will want to utilize WeChat Work. Its integration with Chinaʼs dominant messaging platform, WeChat, is too powerful to ignore.

However, like other collaboration tools, WeChat Work exposes employees and organizations to a range of cybersecurity and compliance risks.

This guide outlines how WeChat Work functions, why it is so essential, and how organizations can use the platform safely.

The platform is the country’s only real digital space “for building brand awareness… and driving consumer engagement… If your company has no WeChat account, it will drastically reduce the trust in your brand.”

Tony DeGennaro of Dragon Social

Brand_Light_padded

What is WeChat Work?

WeChat Work is an enterprise collaboration tool that evolved out of Chinaʼs dominant messaging app, WeChat. The platform is intuitive, feature-rich, and integrates seamlessly with the more general WeChat messaging app. WeChat Work creates an enterprise-scale cloud-based collaboration platform for internal communication, that also connects companies directly into WeChat to reach customers and communities. In many ways, WeChat Work anticipates the type of communication that might be possible with the Salesforce-Slack acquisition.

For a sense of the centrality of the WeChat suite to business operations in Mainland China: Picture a singular social media landscape with 1.2B consumers. Now, imagine connecting that social network to an enterprise workplace collaboration platform, combining the internal communication capabilities of Microsoft Teams with consumer facing communications, all within one smooth hub.

Slack and MS Teams are not available within China. This makes WeChat the dominant collaboration platform.

The platform offers an extensive set of enterprise tools: chats and groups video conferencing, task management, calendar, attendance, approvals, document collaboration, user management, and more.

As of December 2020, WeChat Work had 130 million active users and catered to over 5.5 million businesses, making it the leading business communication app in China.

How Does WeChat Work Relate to WeChat?

WeChat has been the dominant communication platform in China for many years. With no direct analog in the west, WeChat is a super app that provides instant messaging and a social network, but also e-commerce, online payments, and local services – all within a single platform.

When WeChat Work was launched in 2016, 80% of Chinese users already performed professional tasks through WeChat. It was renamed WeCom in late 2020, but most end users still call it WeChat Work.

WeChat Work was a reaction to the dominance of WeChat, including in professional settings. It is less a new platform, and more a tool to offer a foundational segmentation of Chinese individuals' personal and professional lives. WeChat Work strives to help employees create and maintain a balance by separating the professional and personal aspects of their lives.

The collaboration platform is accessible from within WeChat in just a few clicks. As a user experience, it comes with the familiarity and consistency of the WeChat platform.

The interoperability between WeChat and WeChat Work – and the way data and communications on either side of the WeChat suite can move smoothly between both – is crucial to how enterprises use the tools:

  • By adding WeChat Work, businesses can port their existing communications data across to internal collaborative settings with the ease of an enterprise cloud-based instance with central administration. They can communicate, interact with, and sell to customers without having to exit the WeChat Work environment and use an external tool. This two-way data-sharing offers rich, actionable insights to drive business decisions.
  • Customers also enjoy the same advantages. They can reach out and communicate with brands from their personal WeChat accounts. Other WeChat Work enterprise features, such as mini-programs and video conferencing, are also interoperable with WeChat.
  • This interoperability was in full display during the Coronavirus pandemic in 2020. An estimated 220 million WeChat users leveraged WeChat Work for online business meetings at the height of the coronavirus crisis.

 

A case study on how a Global Asset Management Firm Empowers Compliant Adoption of WeChat
Learn more on how to ensure secure and compliant communications
Download Now
WeChat Work Guide LP Graphic-01

Business Benefits of WeChat Work

At the top level, the benefit of WeChat Work is that it enables companies to utilize a collaboration platform that integrates with Chinaʼs dominant messaging app.

Smooth project management, customizable tea, chat channels, internal discussions, file-sharing, and so on.

WeChat Work leverages the feel and experience of the original WeChat app, making the transition from a consumer-grade app to an enterprise solution almost frictionless for companies.

Moving between interacting with customers and prospects on WeChat, and then organizing all-round sales and marketing activities in WeChat Work, offers supreme efficiency. This centralization is impossible with other tools.

Other powerful features of the platform:

  • Free video conferencing for up to 300 participants.
  • Real-time document and spreadsheet collaboration via mobile devices, desktops, and laptops.
  • Offline functionality enables users to work on documents even if they're not connected to the internet.
  • Automated chatbots can share updates and notifications in group chats. Bots are one-directional, meaning they don't have visibility to other messages in the group chat.
  • File history for up to six months. (Files shared in other messaging and collaboration platforms expire in a matter of days.)
  • Intuitive task management helps simplify the creation, assigning, and scheduling of tasks among team members.

Cybersecurity Risks of WeChat Work (WeCom)

According to our recent survey, 57% of organizations cite internal collaboration platforms as the tech stack representing the most risk. CISOs are right to be worried. And WeChat Work presents the same challenges as other internal collaboration platforms such as Slack and Teams:

  • At even a mid-sized company, the volume and velocity of communications is extreme. No IT or security team has a chance of keeping up pace with communications and manually reviewing everything.

  • Even if a team could keep up with the messages, files, and links being shared: They can't see them. Much of the communication occurring within a WeChat Work instance – as with on the WeChat messaging app itself – happens in private. One-to-one messages, with zero visibility for security teams.

  • This lack of visibility opens the door to all the risks of insecure collaboration: malware, ransomware, spear phishing, data leakage, etc., and then compliance risks including HR issues and cyberbullying.

Compounding this issue is the fact that any WeChat Work instance is intimately tied to its usersʼ WeChat messaging apps. This means that a company onboarding WeChat Work also onboards all the WeChat risks.

WeChat is Chinaʼs biggest digital platform, and a big arena for cybercriminals. WeChat is rife with scams and attempts at online fraud and identity theft. Outside China, cybercriminals are continuously developing banking Trojans that mimic WeChat.

spacing-1

A WeChat message could contain the following digital risks:

Due to the nature of the tight integration between WeChat and WeChat Work, any of these dangers could leak across and pose a threat to the Work instance.

WorkAnywhere_Stocksy176481

The Language Barrier

  • Enterprises need to monitor employee communications, and protect themselves from regulatory violations. They need to keep records of interactions, and safeguard themselves from threat vectors that present a risk of data leakage. This is hard enough to do with cloud channels in predominantly English-language markets. It's even harder with WeChat.
  • WeChat supports numerous Chinese dialects, including the major ones of Mandarin and Cantonese. In many exchanges, these could be fully or partially mixed in with other international languages. Any digital risk protection strategy aiming to achieve WeChat security needs to account for this linguistic reality. Achieving this security stance is required in order to properly audit conversations and capitalize on all business opportunities.

China-Specific Collaboration Considerations

On top of the WeChat Work risks that attend any collaboration platform, there are also a set of considerations that are unique to the Chinese market.

State Surveillance Issues

  • All documents, images, videos, recordings, and information processed and stored within WeChat Work are inevitably subject to the Chinese government's tight security and surveillance regulations.
  • The compliance issues that attend any collaboration tool are riskier in China than anywhere else. Companies that don't possess full visibility into employee interactions are in danger of violating China's strict censorship laws and other regulations – regulations that can often be difficult to parse.
  • To protect against compliance risks and audit requirements, meticulous archiving and record-keeping is more important than ever, but WeChat itself offers no such service. Employees could be communicating in ways that expose them to compliance and cybersecurity risks, and not know it.

Weak Content Controls

  • The WeChat platform has historically had weak content management capabilities. It can be difficult to control and manage access, users, departments, and messages. Unchecked users can post unmonitored/ungated content visible to unauthorized parties and departments. Lack of controls can lead to content being shared over insecure channels and networks. WeChat Work seeks to tighten up much of this, but the issues still hamper the interconnected WeChat messaging app.

Weak Group Controls

  • China has the largest population in the world but a small pool of surnames. The most common surnames in China – Wang, Li, Zhang, Liu, and Chen – are shared by 30% of the total Chinese population. Account supervision is critical to ensuring the right people have access to the right conversations.

The Language Barrier

  • Enterprises need to monitor employee communications, and protect themselves from regulatory violations. They need to keep records of interactions, and safeguard themselves from threat vectors that present a risk of data leakage. This is hard enough to do with cloud channels in predominantly English-language markets. It's even harder with WeChat.
  • WeChat supports numerous Chinese dialects, including the major ones of Mandarin and Cantonese. In many exchanges, these could be fully or partially mixed in with other international languages. Any digital risk protection strategy aiming to achieve WeChat security needs to account for this linguistic reality. Achieving this security stance is required in order to properly audit conversations and capitalize on all business opportunities.

How SafeGuard Cyber Can Help Secure WeChat Work

SafeGuard Cyber protects WeChat Work users from security threats and compliance risks via frictionless app integration for same-day deployment. No agent installation is required. The platform continuously scans communications for risk events, including spear-phishing, malware, malicious content, and compliance violations. Upon detection of any of these events, the platform will immediately alert security and/or compliance teams. Advanced machine learning prioritizes risks, so teams can focus on the events that matter most.

Key Features

  • Real-time content capture with full threaded conversation view in all conversation types: Direct Message, Group Chat, and Customer Group Chat
  • Rapid time to value, with same-day setup, no agent installation
  • Enhanced security including DLP and advanced malware analysis
  • Automated policy supervision or with award-winning machine learning
  • Integration with CrowdStrike Falcon

Business Benefits

  • Improve customer experience in Chinese-language markets
  • Secure internal group collaboration
  • Reduce oversight costs with automated security and compliance
  • Scale for any region and language (e.g., Mandarin, Cantonese, English, etc.)
  • Gain operational efficiency with enhanced visibility for security and compliance teams
spacing-1


WeChat Security

Regulatory Compliance

SafeGuard platform detects a DLP policy violation automatically to notify security teams

Asset 4xxxhdpi

SafeGuard platform detects a DLP policy violation automatically to notify security teams

test

Image

Getting Started

  • WeChat Work is currently available only for Mainland China enterprises, government bodies, and organizations.
  • The easiest way to open an account is from the backend of a verified WeChat Official Account.
  • Each organization can register a maximum of five accounts.
  • The person registering as the admin must have a WeChat account connected to a Mainland China bank account.
  • You can be the admin for up to five accounts. For large organizations with, for example, mostly independent business units, you can link multiple accounts together.
  • Within your WeChat Work instance, activate the Archive setting, which will archive content for only three (3) days natively, but will allow content to pass into the SafeGuard platform for analysis and longer retention.

 

WeChat Work Data Flow into the SafeGuard Cyber Platform

WeChat Work Data Flow_diagram-1

SafeGuard Cyber protects the human connections organizations need to thrive in a digital world. The cloud-based SafeGuard platform empowers the secure and compliant adoption of social, mobile, and cloud-based communication channels at the scale of global business. Built on innovative agentless architecture and award-winning AI analytics, the SafeGuard platform secures business critical communications, detects and stops cyber threats, and ensures compliance in real-time without disruption to natural workflows.

With SafeGuard, customers gain business agility with better security and time to value. Current customers include Global100 enterprises, small businesses, municipalities, and national governments.

spacing-1