Three steps to create secure instant messaging within your organisation
Instant messaging (IM) applications are now a given in the modern enterprise. In fact, according to this article in Wired magazine, they are almost as old as the Internet itself! It’s easy to see why instant messaging applications are popular - they are quick to use, less formal than email and allow for instantaneous communication. Users can see immediately when their colleagues are online, share files quickly and collaborate easily via group chats. These applications also allow them to work remotely and/or on the go.
But in the ying and yang of technology solutions, for every positive attribute, there’s an opposing risk. And in the case of instant messaging applications it’s all about the security. If the IM platform is not secured, it is not being monitored. And if it’s not being monitored that means that the IT department has no visibility over what’s being shared. And with GDPR now in force, this could present a big problem, as information that leaves an oganisation without the knowledge and control of the IT department will have serious implications from a record-keeping standpoint.
For these reasons IT teams need to put measures in place to ensure that IM data leakage, compliance and security concerns are appropriately addressed. Below, are the top three ways to do this:
Education, education and more education
Employers have a duty to ensure that their employees are aware of the risks of using IM and that they take adequate precautions to stop data loss or compliance failures. Employees should be taught IM best practices as the first to ensuring that everyone follows basic rules and are clear about the guidelines regulators and law enforcement agencies have in place with regard to IM communications. They must be made aware of the risks of sending a message to the wrong person and that certain types of data should not be transferred via IM. Ignorance is no defence for breaking the law.
Consider mobile security software
Messaging apps have the potential to be misused by malicious insiders who want to leak sensitive data. Careless employees also present a risk. They may share sensitive information with the wrong person by accident, and not even realise. There are also well documented concerns as to whether messages sent via IM are open to interception via encryption backdoors.
To counter these risks, IT teams can use mobile security software. Mobile device management (MDM), for example, allows IT teams to lock down, control, encrypt and enforce policies on employee phones. There is also mobile application management (MAM), which enables IT teams to lock down, control and secure specific corporate applications, without impacting a user’s personal apps.
Initiate secure IM services
Some vendors are starting to provide ‘corporate versions’ of their solutions (e.g. Slack Enterprise) that could help meet employee messaging needs while helping IT teams take back control. These solutions tend to have multi-factor authentication, built in anti-virus and end point monitoring, meaning that IT teams can create secure IM networks that allow their employees to collaborate efficiently and easily.
Ultimately, IM tools can help improve productivity, enable employees to become more responsive and better support mobile and remote workers – but not at the expense of IT security. Organisations must ensure that they have the proper security protections and controls in place to prevent data breaches and compliance issues.
Interested in hearing industry leaders discuss subjects like this and sharing their experiences and use-cases? Attend the Cyber Security & Cloud Expo World Series with upcoming events in Silicon Valley, London and Amsterdam to learn more.
- » Enterprise open source usage soars aligned with cloud strategies, argues Red Hat
- » Actions speak louder than words: Moving from digital transformation to ‘data transformation’
- » For a truly customer-centric model, we need to solve the ‘last mile’ of AI
- » Unqork secures $51 million in series B funding to further no-code enterprise mission
- » Cybersecurity firm Deep Instinct announces $43 million series C funding to boost growth