SafeGuard Cyber Blog

Ephemeral Messaging Apps Demand Archiving | SafeGuard Cyber

Written by SafeGuard Cyber | Jun 5, 2023 10:31:53 AM

Communication has shifted profoundly, and companies are long past an email paradigm. Encrypted and ephemeral messaging apps like WhatsApp, Signal, and Telegram now offer new, secure avenues for business communication. 

However, this paradigm shift has brought about unique challenges, particularly around record-keeping and compliance – as highlighted by recent Department of Justice communications. The default features of many new apps inherently create compliance issues.

How can companies embrace the ephemeral messaging apps that make the world go round, without worrying about noncompliance and heavy fines? With solutions that capture even deleted content, without compromising employee privacy.

Ephemeral Messaging: A Double-Edged Sword

Ephemeral messaging apps like WhatsApp are fantastic communication tools. And for any professional, the easiest way to use these apps is on their own device: the one on which they already use the app, so they simply need to add a contact.

The convenience of this has led to the emergence of Bring Your Own Device (BYOD) policies. And this increasing use of mobile messaging apps for business communication is reshaping the professional landscape. As a January 2022 report by Security Boulevard found, 59% of enterprises leverage BYOD to enable mobile workers.

However, the ephemeral messaging apps that we all know and love have an intrinsic feature: automatic deletion of messages after a short period. While enhancing privacy, this feature complicates matters for businesses mandated to retain their communications. This is a problem on a company device; it’s an even bigger one on a personal device, where access is limited for compliance teams.

Senior Department of Justice (DOJ) officials have taken note of this, raising concerns over legal and compliance risks linked to these apps. Key among these is a company's capability to archive and access communications on these platforms, especially during an investigation.

The High Stakes of Non-Compliance

Non-compliance with data preservation regulations is more than just a breach of protocol—it can carry dire financial implications. Case in point, in 2022, a staggering $1.8 billion settlement was reached between the SEC, the CFTC, and a group of 15 broker-dealers and an investment adviser. Their misstep? A failure to preserve electronic communications, including off-channel messaging communications like text messages and messaging apps.

This situation should serve as a stark warning to organizations. While it might be tempting to turn a blind eye to the use of personal messaging apps for professional purposes, the reality is that regulators have caught up. The financial services industry, in particular, has come under increased scrutiny for the use of "off-channel" communications. Over the past two years, there have been settlements exceeding $2 billion involving global financial firms.

Even well-meaning employees who use ephemeral messaging apps and other unsanctioned platforms to communicate with clients more effectively can inadvertently put their companies at risk. Investigations revealed that in some cases, supervisors and senior executives, who were supposed to ensure compliance, were among those violating communication policies. Such actions may lead to heightened scrutiny and potential criminal liability, posing a significant threat to an organization's reputation and financial health.

Furthermore, if companies were to revert to an outdated system such as Choose Your Own Device (CYOD), in which employees are limited to pre-selected devices, this could lead to employee dissatisfaction and increase the IT burden. Each device needs to be supported, managed, and updated, increasing support complexity and overhead costs.

Therefore, the cost of non-compliance extends beyond financial penalties. It also includes the potential loss of trust from clients and employees, damage to corporate reputation, and increased burden on IT departments. The importance of proper archiving in this landscape cannot be overstated—it has become not just a regulatory requirement but a business imperative.

Ensuring Compliance Without Compromise

The drive towards compliance doesn't need to be a hindrance to innovation. In fact, it's entirely possible to maintain regulatory adherence without stifling the way employees communicate or limiting the technologies they can use. Achieving this delicate balance is where SafeGuard Cyber truly excels.

SafeGuard Cyber's approach tackles this challenge head-on, enabling businesses to use powerful communication tools while ensuring compliance. By allowing employees to use ephemeral messaging apps like WhatsApp natively on their devices, the burden on IT is minimized, and user friction is significantly reduced.

Employees opt in via their personal messaging app accounts, providing authorization via a simple scan of a QR code sent to their email. Once authorization is granted, the SafeGuard Cyber platform begins collecting messages directly from the app through a transparent software integration. This approach ensures that the native messaging experience remains unchanged for the user, protecting their privacy by only processing business-related messages.

The comprehensive nature of SafeGuard Cyber's capture feature provides robust support for compliance. It captures all messaging content, including text, emojis, GIFs, file attachments, and even deleted content. However, the unique Selective Processing and Archive feature only supervises and archives sessions involving known business contacts identified within the SafeGuard Cyber platform. Messages within a session between the employee and an unknown person or group are ignored and discarded.

This elegant solution strikes a balance between ensuring corporate compliance and respecting employee privacy. It safeguards the company from non-compliance risks while enabling employees to communicate freely and effectively, demonstrating that modern compliance solutions can adapt to today's digital communication trends without compromise.

By facilitating a seamless balance between compliance and communication, SafeGuard Cyber empowers companies to leverage the full potential of modern ephemeral messaging apps, mitigating legal and compliance risks while enhancing business communication.

The Essential Role of Archiving in Today's Digital Communication Landscape

In a world where 58% of organizations view compliance as a barrier to entering new markets and 45% of business communication occurs outside email, archiving has evolved into a business necessity. 

The repercussions of non-compliance can be severe, and as the communication landscape continues to evolve, businesses must stay vigilant, proactive, and compliant. With SafeGuard Cyber, businesses can meet their compliance obligations head-on while respecting their employees' privacy.

SUMMARY:

  1. Business communications have shifted from email to many more channels.

    • This brings about a new risk with record-keeping and compliance. 

    • Many new channels of communication have default features that break compliance.

  2. Solution: product that captures all content while keeping employee privacy

  3. Professionals have recently been able to use their own devices (BYOD)

    • This can create an even larger compliance issue

High stakes:

  1. Breaches of compliance can lead to massive fines

  2. A common alternative is choose your own device (CYOD) where employees can choose from pre-selected devices:

    • Leads to employee dissatisfaction, and higher demand for IT help

Compliance without compromise:

  1. Implementing the solution doesn’t change how employees communicate
  2. Simple setup, opt-in, transparent integration
  3. Includes selective processing: identifies which messages involve business contacts and archives only those
