Comment: What’s up with WhatsApp for the legal sector?

By Steve Whiter, Director, Appurity

Probably the most well-known (and most used) text and voice messaging apps, WhatsApp is beloved by both personal and business users alike. With both end-to-end encryption and relatively robust levels of privacy, it is particularly prevalent within businesses that demonstrate high levels of mobile usage. Indeed, it is used by millions of companies worldwide and saw a particularly strong year of growth last year, largely driven by the COVID pandemic. However, at the start of the year WhatsApp made an announcement regarding its privacy policy which sent ripples amongst its user base. So, what’s up?

In its announcement, WhatsApp stated that they reserved the right to share data such as phone numbers, IP addresses, and payments made through the app with Facebook and other Facebook-owned platforms (such as Instagram). In addition, they pointed out that if people were to use WhatsApp to talk with businesses that use Facebook’s hosting technology to manage those chats, those messages could subsequently be used by the business to target people with ads on Facebook. Clearly game-changing stuff. Unsurprisingly then, in response to WhatsApp’s announcement, the demand for substitute messaging services such as Telegram and Signal has taken off.

However, the appearance of these alternate communications tools gives businesses a new set of challenges to grapple with. New messaging services give rise to the need for IT departments to fully review and comprehend the security features built into such apps. All of this comes at a time when businesses are having to come to terms with the challenges of remote working or working from home (WFH). A different suite of messaging tools being used by an increasingly remote workforce, highlights the potential security gaps or breaches when your people are using apps outside the historical control of IT departments. Therefore, it is imperative that business owners everywhere take stock of their internal processes and practices for optimising privacy and security. This is particularly relevant for the financial and legal sectors who have a uniquely heavy burden when it comes to compliance – monitoring sensitive communications has to comply with global industry regulations. So how can firms guarantee high levels of privacy and security?

Increasingly, people are relying on apps for a variety of business and personal needs – but how is data being stored and shared? Don’t forget, even multi-national organisations with sophisticated apps can fall prey to hacking – just look at all the high-profile data breaches from the last few years. You need to have full confidence in the transparency and security of apps that your people are using. As challenging as this might be normally, the WFH landscape we currently live in means that your people need access to a variety of additional apps. In addition, the same people will likely be transitioning seamlessly between business and personal use. Does your IT department have complete knowledge of all the apps (and their potential vulnerabilities) that are being used by your people in every corner of the business?

You should start by conducting an app security assessment. This helps to identify and evaluate the threats and potential vulnerabilities within the apps being used by your people. With an increased level of understanding regarding how your firm is using mobile apps (and associated risks), you are then able to develop a strategy to protect data, secure mobile devices and avert security breaches. Don’t forget, you are protecting your brands reputation as well as meeting industry compliance requirements. Understanding any potential threats or vulnerabilities helps you to develop a proactive approach to securing data and devices.

But firms have a number of solutions at their disposal in order to secure their mobile messaging tools, whilst optimising privacy across business communications and operations. Whether or not firms decide to stop using WhatsApp, they still require the flexibility to conduct business matters via messaging apps without compromising on security. One useful solution is VoxSmart’s WhatsApp Capture. This offers a further layer of security to mobile communications by capturing all voice and text messages in real-time. Recording messages via a mobile capture app is especially opportune for the legal sector. And solutions like this highlight the importance of being able to account for business conversations that can be easily retrieved – both for adhering to global industry compliance and for the smooth running of business operations.

If you are looking to ensure that personal information is protected, then investigate messaging apps that require only an email address (without further additional personal details) for sign up. We understand that many firms might be concerned by the impending privacy and security changes to messaging apps. Our App Security Assessment helps firms to allay any such concerns by assessing, understanding, and mitigating the risks associated with all apps used across their organisation.

With WhatsApp’s privacy changes on the horizon, a renewed interest in alternate messaging services, and the challenge of how to manage and evaluate the risk of shadow IT, means that firms should be fully equipped with solutions that will protect their best interests, in every way.

Steve has been in the industry for just over 20 years and for the past seven, has utilised his close working relationship with BlackBerry, Samsung, Apple and MobileIron to assist corporate and public sector organisations with their mobility needs.