In September, the US Securities and Exchange Commission (SEC) issued $1.8 billion in fines to some of Wall Street’s largest banks for their inability to keep private information secure when using internal communications. These banks, including Barclays, Bank of America, Citigroup Global Markets, Goldman Sachs, JP Morgan Chase and others, were issued these fines for their “widespread and longstanding failure to maintain and preserve work-related electronic communications,” according to a 451 Research report.
Although financial institutions were the most recent to be affected, this is not an isolated incident. Businesses across all industries are at risk of data compromise through untrustworthy messaging apps. And with the rise of remote and hybrid work environments and the adoption of bring-your-own-device (BYOD) practices in the workplace, data breaches and ransomware attacks are on the rise. The 451 Research report states that 68% of employees use their personal smartphones for both personal and business purposes, putting company and customer data at risk.
To avoid paying millions or even billions of dollars in fines in these cases, companies should consider the risks of using unsecure messaging apps in the workplace and adjust their practices accordingly.
Risks that unsecure messaging apps pose to businesses
While messaging apps are convenient and allow for quick work and communication, they are not always the safest route. Popular workplace apps include Microsoft Teams, Slack and WhatsApp.
Teams and Slack are built for collaboration and integration within their enterprise application ecosystem. They are not inherently built for secure business communications that meet strict legal and compliance requirements such as GDPR, HIPAA and more. WhatsApp is a consumer-grade app made for communicating with friends and family, not necessarily for work-related content.
When using such apps, transferred data, files, attachments and common conversations can fall into the hands of hackers. These applications are not end-to-end encrypted, which means that the messages can be decrypted and opened or read before the recipient has opened the message.
In addition to messages, information stored in these apps is also up for grabs. WhatsApp has come under fire for numerous breaches over the past year. A recent breach has made the profile data of nearly 500 million users accessible to hackers and scammers, leading to phishing attacks and identity theft.
Insecure communication can lead to major problems for companies. Reputations can be dismantled, operations can be stopped and large amounts of money can be lost.
Importance of compliance
In addition, these apps do not always meet industry standards. These standards are designed to prevent a company from exploiting the personal and private information of its customers and also to prevent the company from being held liable.
Common compliance and privacy requirements include HIPAA, GDPR, and FINRA. Maintaining a high standard of compliance helps an organization’s employees build trusting relationships with their external partners and customers. Companies in the healthcare, banking, and legal industries should all consider these requirements when adopting a messaging platform for their employees.
Those industries are most at risk of cyberattacks because they hold the information most valuable to hackers. Personal identification and bank details are the crème de la crème for a hacker. The biggest healthcare data breach of 2022 came in October, when the personal health information (PHI) of nearly three million Advocate Aurora Health patients was sent to Meta/Facebook due to a coding error. The second largest incident of the year occurred at SightCare, Inc. and was the result of a successful hacking attempt.
This year, the price of a HIPAA violation has been increased to adjust for inflation. HIPAA violations are now subject to fines up to $60,226 per violation and up to $1,919,173 per calendar year. Unless a company has a few hundred thousand extra to spare for fines, it can’t afford to be non-compliant.
What makes a messaging platform secure and compliant
An ideal messaging platform used in the enterprise has fully encrypted protocols, meaning that no message or file, not even the tiniest piece of data, is at risk. Because companies often work with outside groups, it is paramount that information shared between teams is not intercepted or distributed to third parties.
Platforms may have different levels of encryption, but few are end-to-end encrypted, which is the gold standard for security. In addition to being fully encrypted, a workplace platform must be under the control of the CIO or IT staff. They need to be able to control who has access to the medium and intervene if there are red flags for security threats or breaches. Business communications include emails, direct messages, and video and voice calls.
In a rapidly changing world, an organization’s communications technology must be updated in real time to defend against the latest threats. This also means adhering to the latest compliance regulations.
It can be difficult to find the secure and compliant messaging app that works best for an enterprise. As long as an enterprise ensures that the app it uses is fully encrypted, customizable, up to date with compliance and under the control of trusted IT staff, it should not be at risk of financial burden or business disruption from data breaches or cyber-attacks.
Anurag Lal is CEO and Chairman of NetSphere.