Mike Foreman, European Managing Director of Nuro Secure Messaging discusses how younger “tech natives” entering the workplace are bringing their mobile messaging habits with them, its implications for security and compliance and what businesses can do about it.
Despite the Bring Your Own Device (BYOD) phenomenon being with us for a number of years now employers are still wrestling with how best to manage all the security risks that go with it. Their plight is not helped by the bewildering array of competing solutions on the market promising to help them. Solutions ranging from mobile device management (MDM) to single sign on (SSO) and Desktop-as-a-Service to name but a few do offer some answers. But the fact that no one solution is yet able to lay claim to being a truly comprehensive, one-size-fits-all approach is holding back widespread adoption.
Meanwhile, even as those more forward-thinking businesses start to get a better grip on BYOD one aspect – mobile messaging or group chat – is still being largely ignored. Most businesses allow employees free rein to use their devices for group messaging with colleagues and friends and have been slow to wake up to the attendant risks.
Beginning of the end for email?
Younger “tech native” employees are entering the workplace and they are bringing their mobile messaging habits with them. Mobile messaging is the natural way for this age group to communicate. According to a study by the Nielson group 97% of employees report an increasing reliance on group messaging tools in the workplace.
Not that there’s anything wrong with mobile messaging per se. In many ways it is preferable to email. Email’s openness to hackers using spam to trick their way into corporate networks has long been its Achilles heel. The 2016 Verizon report into data breaches documents nearly 10,000 incidents (including 916 confirmed breaches) that could be traced to simple phishing attacks. In almost every case the breach occurred when an employee inside the victim organisation clicked on a malicious email link or attachment. Verizon estimates that around 30 percent of phishing messages are opened out of which 12 percent click links that take users where the attackers want them to go.
In light of this the fact employees are increasingly turning to their favourite messaging applications like WhatsApp, iMessage or Facebook Messenger as a cool and convenient way to discuss tasks with a colleague or groups of colleagues is in some ways a welcome development. For example it’s arguably more efficient than email and certainly more productive.
The main issue for employers is that, without a corporate messaging platform, mobile messaging is an entirely unregulated medium. And there are good grounds for concern. The Nielsen study found that of the 97% who use team messaging in the workplace, 75% send important and confidential work-related documents, while 21% admit to sending work related commercial information to friends outside the workplace. With no visibility into the conversation employers are left exposed to the possibility of a breach in compliance or even sensitive data leakage.
Sensing that consumer apps are not really suitable for business a number of new market entrants specifically targeted at the enterprise have recently emerged. Promising to deliver all the productivity benefits of consumer messaging apps but with the ability to manage and integrate them with other enterprise tools has helped these mobile messaging platforms become quite trendy in some quarters. To date they have mostly focused on productivity while the issue of security has been largely set aside. This can have consequences. For example, one early adopter, Uber, was recently reported as having had to ditch its work chat application because it lacked the identity and security standards needed for a global enterprise.
This experience shows that being hip, cool and trendy is no substitute for having true enterprise-class security credentials behind you. Sooner or later employers will want to engage with the conversation and this means they will expect their chosen mobile messaging platform to provide the IT department with sufficient visibility to ensure compliance policies and security requirements are met at all times.
What employers want is a product that blends the cool, convenient consumer experience popular with users with the centralised administration and security demanded by enterprise IT departments. Presently Nuro is alone in the UK in our ability to deliver all of this, helping enterprises to resolve at least one aspect of the BYOD conundrum in the process.