Self-Hosted Messaging: State-Of-The-Art Data Security For Organizations
Roman Flepp, Marketing Director and Member of the Board at Threema, says unsecured instant messaging via smartphones is one of the riskiest channels for data breach, data theft or misuse in organizations, and a corporate-grade messaging app is the answer to ensuring the highest security standards.
Over the past decade or so, organizations have rapidly embraced the amenities of digital technology, with instant messaging being one of the most visible exponents of this trend: it is an easy-to-use and feature-rich alternative to e-mail or collaboration tools. It can handle a variety of different formats (e.g., voice, video, text, files), enabling organizations to hold collaboration sessions, business briefings or video conferences with employees and/or customers. Smartphones have become a key tool to support travelling co-workers, improve information flows and customer satisfaction.
Nevertheless, the use of smartphones for business purposes is not exempt from risk. Cyberattacks are on the rise and for many organizations, public or private, keeping unwanted digital intruders at bay has become a part of their daily routine. While distributed denial of service (DDoS), phishing, password attacks or ransomware are among the most common threats, studies also show that together with e-mail and cloud file sharing, unsecured instant messaging via smartphones is one of the riskiest channels for data breach, data theft or misuse in organizations.
Encryption is not enough
A surprisingly large number of organizations still work with consumer-grade messengers; when asked about data privacy, they point at end-to-end encryption (E2EE), a standard practice that makes sure that only the sender and the recipient have access to the contents. However, even the best encryption is no guarantee against «data leakage»: Some of the most popular consumer apps systematically collect and process sensitive user data for advertising and marketing purposes; their business models are based on gathering large amounts of metadata that may include information about the location, time and duration of the communication, telephone number and IP address, meaning that the data privacy of executives and/or other staff can be compromised.
On the other hand, organizations have little or no control over the privacy settings on mobile phones of employees; most consumer apps simply fail to meet enterprise-grade communication safety standards. Did you know that 90% of phishing attacks on messenger apps are carried out via WhatsApp?
Corporate-grade messenger for business
Communication is at risk of being intercepted, and organizations should be aware that mobile devices are a weak spot, constantly targeted by cybercriminals. A simple click on a message crafted by a fraudster posing as a partner/client/supplier can effectively render a company inoperative for days or weeks. Under most regulatory frameworks, a data breach is likely to draw the attention of authorities and can trigger huge fines. Meanwhile, negative headlines and the potential reputational damage can be devastating. Therefore, organizations cannot afford to run the risk of data breach/theft.
The first step to armor instant messaging on mobile phones against unwanted intruders consists of replacing consumer apps with a secure communication channel. A corporate-grade messaging app ensures the data privacy of its users and comes with a set of features that allows IT administrators to control, secure and enforce policies on employee devices with a wide set of configurable parameters (e.g., BYOD readiness, broadcast, polls). In everyday business, it supports closed user groups, E2EE for all user data, files, images, videos, group calls/videos. During emergencies, when other systems can be down, a dedicated messenger serves as a secure and efficient team communication tool.
Absolute data ownership
Critical organizations (e.g., government agencies, infrastructure sectors, financial institutions) that routinely handle sensitive information might consider a self-hosted communication solution that provides full control over data, server, and software. An independent and completely self-contained chat environment protects against industrial espionage, malware, CEO fraud, phishing, ransomware, and other threats. By gaining absolute data ownership, businesses can ensure the highest security standards while complying with all the legal requirements for corporate communication.
Self-hosting requires a certain technical knowledge and investment, though it can be part of a successful cybersecurity strategy that helps protect businesses against bad actors. In a recent poll among CISOs around the world, a whopping 90% indicated that their organization had suffered a disruptive attack over the past twelve months. In this context, it is easy to see how data privacy and security have advanced from an IT issue to priority topics in boardrooms. By design, a self-hosting solution drastically lowers the chances of being attacked and thus helps prevent cybercrime. Why not be a part of the remaining 10%?