Should CISOs Allow Employees To Use Social Media Messengers At Work?
If your boss walks by your desk, and you have an instant messaging service like Facebook Messenger, WhatsApp, Skype, Google Hangouts, or Slack open -- even if you're just innocently chatting with a coworker about an upcoming project -- you probably immediately switch tabs, don't you? It's strange, but most people don't yet recognize that employee messaging platforms are actually very beneficial for workplace productivity.
But I'm not here to debate whether or not you think instant messaging platforms are going to kill workplace email. Rather, I'm here to simply point out that the two services still share the same flaw: security concerns. Sure, the CEO might be happy that his teams are collaborating more efficiently, but the CISO should be worried, because most of these team messaging services aren't equipped with the proper cyber security measures and, accordingly, are vulnerable to security attacks.
In fact, the leading cause of business security breaches is insider threats, not external ones. Of course, this isn't to say that employees are maliciously attacking their own companies and leaking sensitive information, but rather that employees are inadvertently misusing applications and devices (lost iPhones, stolen laptops...) that carry confidential business information, such as personal information about customers, about employees, or even secret intellectual property. It's then, once the information gets into the wrong hands, that cyber criminals are able to hack into the infrastructure of that particular organization. Unfortunately, most often, employees aren't properly trained and don't recognize that the seemingly innocent conversations they have online with their coworkers are still considered confidential business information. And, if their devices aren't locked, or the messages aren't highly encrypted, it's incredibly easy for even the most inexperienced cybercriminals to locate and exploit compromising information.
In January 2015, Facebook launched Facebook At Work, which is a platform that is pretty much what its name suggests it is. But it was quickly met with scrutiny from several information technology executives, who unsurprisingly called Facebook out for not equipping the service with even the most basic security measures.
It's for this reason that cybersecurity advocates, who recognize the potential for workplace productivity but would rather not compromise their security, are determined to develop secure messaging platforms.
There is, for example, Nuro Secure Messaging, an application that protects employee messages with four security layers: end-to-end security, encryption during transit, encryption at rest, and cognitive security that predicts future breaches. It can be used to chat with coworkers across the room, share attachments -- you can even drop your social security number and be more than certain that the information will stay protected (that is, if you trust your coworker). In addition, it's a company-sanctioned messenger platform, owned by the organization that purchases it.
In addition, this past year, WhatsApp not only launched WhatsApp Web, so that users can chat via desktops, but also integrated Signal by Open Whisper Systems into their platform, which improves security by using end-to-end encryption and perfect forward secrecy (PFS). In simple terms, PFS protects messages written in the past from being decrypted in the future. In fact, consumer encrypted applications like this are often used by criminals and terrorists to hide from law enforcement. Edward Snowden is rumored to have used Signal as a mobile messenger service in the past, if that means anything to you.
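The forward-secrecy property described above, shown with a simplified one-way key ratchet. This is an added example, not code from the article, WhatsApp or Signal; the names, the constructed sample messages and the toy XOR cipher are assumptions for illustration. It compares what a key stolen from a device can read under a ratchet versus under one long-lived key.

```python
import hashlib
import hmac

def kdf(key: bytes, label: bytes) -> bytes:
    """One-way step: HMAC-SHA256 cannot be run backwards to recover `key`."""
    return hmac.new(key, label, hashlib.sha256).digest()

def seal(key: bytes, data: bytes) -> bytes:
    """Toy XOR cipher (messages up to 32 bytes), demo only. Applying it twice decrypts."""
    return bytes(d ^ k for d, k in zip(data, kdf(key, b"pad")))

class Ratchet:
    """Hypothetical sender state: only the current chain key is ever stored."""
    def __init__(self, shared_secret: bytes):
        self.chain_key = shared_secret

    def send(self, plaintext: bytes) -> bytes:
        message_key = kdf(self.chain_key, b"message")
        self.chain_key = kdf(self.chain_key, b"chain")  # previous chain key is overwritten
        return seal(message_key, plaintext)

def readable_with_stolen_key(stolen: bytes, ciphertexts: list, steps: int = 8) -> list:
    """Every plaintext candidate obtainable by walking the chain forward from `stolen`."""
    keys, chain_key = [], stolen
    for _ in range(steps):
        keys.append(kdf(chain_key, b"message"))
        chain_key = kdf(chain_key, b"chain")
    return [seal(k, c) for c in ciphertexts for k in keys]

def demo():
    secret = b"constructed shared secret, demo!"  # constructed sample value
    past = [b"Q3 numbers attached", b"VPN password reset", b"merger call at 4pm"]

    ratchet = Ratchet(secret)
    sent = [ratchet.send(m) for m in past]
    stolen = ratchet.chain_key            # device is lost after three messages
    later = ratchet.send(b"new message")  # sent after the loss

    candidates = readable_with_stolen_key(stolen, sent + [later])
    past_exposed = [m for m in past if m in candidates]
    # A symmetric-only ratchet does not protect later messages; Signal adds
    # fresh Diffie-Hellman exchanges for that, which this sketch omits.
    later_exposed = b"new message" in candidates

    # Baseline without forward secrecy: one long-lived key for every message.
    static_key = kdf(secret, b"message")
    static_exposed = [seal(static_key, seal(static_key, m)) for m in past]
    return past_exposed, later_exposed, static_exposed

if __name__ == "__main__":
    print(demo())
```

With the ratchet, the stolen key opens none of the three earlier messages; with the single long-lived key, it opens all of them.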
Clearly, Snowden was onto something when he opted to communicate with others via secure messaging. It's important that businesses follow suit, especially today, when security breaches are unfortunately very common. In fact, according to a PwC report, in 2015, nine out of ten large organizations and three out of four small businesses experienced security breaches. This is up 81% and 60% from last year, respectively. This suggests that if CISOs continue to permit their employees to chat on various unprotected social networks rather than secure ones, these incidents are certain to increase, and likely to happen to nearly all businesses this coming year. Let's hope this isn't the case.
Follow Jasmine Cohen on Twitter