Emails demise raises security concerns about messaging
Email response times are getting faster, according to a report put out by the University of Southern California. People between the age of 20 and 35 respond within 16 minutes on average. The problem for email is that’s just not fast enough anymore.
Today email is being replaced by rapid fire messaging services. These allow users to chat in free form and coordinate minute details at a higher speed and volume than other communication methods. Because there are so many varieties of messaging services it is hard to statistically describe average response rates and times, but we do know that text messages are usually responded to within 90 seconds. We also know that Millennials spend close to two hours messaging every day.
This trend hit the global workforce and caught it off guard. Today, professionals will frequently opt to use a messaging app on their phone or computer to coordinate with a coworker or client. Unfortunately, because companies do not always provide messaging services, employees resort to using their own.
Enormous volumes of business is now done via private text messaging, communication which could contain sensitive information. Recent stories of emergency responders coordinating by group text messaging, doctors sharing medical information by Snapchat, and bankers being fined for communications sent via WhatsApp are just the tip of the iceberg.
An entire new ecosystem for communication has sprouted up and most business have no idea which controls they need to have in place. But they need to, because compliance laws, security breaches, and other concerns abound.
Sean Nolan, security expert and founder and CEO of Blink, says there are four primary issues companies need to look at when assessing the quality of a messaging service.
“Because there are so many companies pushing their messaging services, it is easy to get lost in features. But most of these apps are based on the same technology backbone, which is typically 30 year old legacy protocols. As a result, they have very limited security, data ownership and compliance capabilities. When assessing a messaging platform, look for compliance dashboards, data ownership, range of use, and encryption. Those four issues are central to ensuring the security of your company’s data.”
Different industries have different compliance standards. Violating those standards can result in significant repercussions, particularly for companies that operate in finance, medicine, or defense. A messaging service should know whether its technology meets compliance standards for different sectors and should readily provide that information.
“Being compliant is a selling point for a messaging service, so if they are not forthcoming with it, that’s a bad sign,” asserts Nolan.
Data security is now a tier-1 preference among technology consumers, particularly in the corporate world. Years of high profile hacks and data leaks have revealed that it matters how you secure your data and who you trust with it.
Evan Schuman writing for Computerworld asks, “Do your contracts with cloud vendors include language limiting what they can do with the highly sensitive data they will be able to access?
…most B2B contracts do more to protect the confidentiality of the contract itself than the boatloads of sensitive data the contracting party is about to turn over.”
Messaging services transmit some of the most sensitive information a company has: passwords, addresses, PIN codes, and so on. Where that data is stored matters. Does the messaging service store it on a central server? Can it be locally stored on the end user’s network? Does the end user get to elect where their data is stored?
A messaging service breaks down as soon as its users have to switch to a different channel to communicate with vendors outside of the organization. The consultant isn’t on the company’s chat platform? Why not send her a WhatsApp message? In order to ensure that important company information is being transmitted securely everywhere, the messaging service needs to be able to flexibly extend to external parties.
This is more complicated than simply creating a login for the new user – special consideration must be paid to how to secure the data now leaving the walls of your organization. A quality messaging service should have fully secured solutions that take into account data governance and compliance protocols for third parties.
If you did not make your own encryption keys, then you are not the only person who can access your data. Whoever has the keys has the power to un-encrypt your data, so hopefully they have them tucked away somewhere very safe. Additionally, many messaging services that offer end-to-end encryption still capture metadata. So when considering which service to go with, simply offering encryption is not the whole ball game.
“Many compliance protocols now require end-to-end encryption, which is quickly becoming the industry norm,” explains Nolan. “What good messaging platforms are now offering is the ability to make your own encryption keys. That means the only people who can un-encrypt the data are within the organization, which is optimal.”
As chat surpasses email in workplace relevance, keep these issues in mind. Securing company data requires extra diligence.