In today's technologically advanced age, the boundaries between our professional and personal lives are blurring. This shift is largely due to two interconnected trends: the rise of Bring Your Own Device (BYOD) policies in workplaces and the increasing use of mobile messaging apps for business communication. While these developments offer undeniable benefits such as increased efficiency and reduced costs, they also present unique compliance challenges that need to be addressed.
This article will delve deep into these aspects, exploring how businesses can compliantly harness the power of these emerging technologies without compromising security or privacy. We will unpack how it is possible to allow employees to use tools like WhatsApp natively on their own device with little IT overhead or user friction.
A January 2022 report by Security Boulevard, a US-based media company, found that 59% of enterprises were using BYOD to enable mobile workers. IT organizations are motivated to move to BYOD primarily because of cost savings. Instead of purchasing and maintaining company-owned devices, companies can offload the cost of device procurement, maintenance, and upgrades to employees.
Employees love BYOD, meanwhile, because it allows them to use the latest device innovations in a form factor that they are already familiar with and prefer, leading to greater satisfaction and productivity.
Innovations aren't just happening at the device level; they're also happening at the app level, driving the popularity of apps such as WhatsApp as a business tool. Messaging apps have evolved beyond text-based communication, providing users with a wide range of ways to better engage with customers. Multimedia content such as photos, videos, GIFs, and stickers make richer conversations. In-app voice and video make it easy to interact with clients by enabling users to make audio and video calls directly from the messaging app.
Additionally, group messaging has become an essential feature, allowing users to set up groups, add participants, and have group conversations to quickly answer questions. These innovations are driving results, as experienced by a large global pharmaceutical company that switched from email to WhatsApp outreach healthcare professionals:
Mobile innovations are driving employee productivity and corporate results. But here’s the thing: they can be a double edged sword if compliance programs don’t keep pace with them.
With mobile messaging outperforming email for client engagement, it's easy to see why employees might use it even if it's not sanctioned.
Regulators caught up to this reality and found this type of “off-channel” communications pervasive in the financial services industry – to the tune of more than $2 billion in settlements over the last two years with a dozen global financial firms. These companies cooperated with the investigation by gathering communications from the personal devices of a sample of the firms’ personnel. Most phones were the property of senior and junior investment bankers and debt and equity traders, it was found that in some cases, supervisors and senior executives responsible for ensuring compliance with the firms’ communications policies themselves violated the firms’ communication policies.
So how can companies sanction mobile apps to compliantly harness their power? It isn’t an easy task:
This industry sweep has highlighted:
Many IT organizations consider two options when confronted with this new challenge:
The good news? There is a third option.
SafeGuard Cyber offers the option of using tools like WhatsApp natively on the employee's device with little IT overhead or user friction.
In this approach, employees opt-in via their personal WhatsApp accounts. No agent is required. Instead, the user receives an email, requesting authorization to monitor their account via the scan of a QR code. Once authorization is granted, the SafeGuard Cyber platform begins collecting messages directly from WhatsApp via a software integration that is transparent to the user.
The native WhatsApp experience is unchanged for the user and their privacy is protected because only business-related messages are processed via SafeGuard Cyber’s unique Selective Processing and Archive feature.
SafeGuard Cyber captures all WhatsApp messaging including deleted content, texts, emojis, GIFs, file attachments and metadata. However, Selective Processing and Archive only supervises and archives sessions that involve known business contacts identified within the SafeGuard Cyber platform. Messages within a session between the employee and an unknown person or group are ignored and discarded.
This approach ensures that employees retain the native WhatsApp experience while the enterprise is able to supervise the WhatsApp conversation and meet recordkeeping requirements. This is accomplished while respecting employee privacy, preventing user friction, and without causing IT burden.
Ready to ensure SEC compliance? See our solution in action!