Two decades ago, AOL Instant Messenger (AIM) changed the way we communicate. It was more private than a phone conversation — which was especially great if you worked in a cubicle — and the real-time nature of the conversations was big advantage over email when you needed an immediate answer. Its convenience, at the time, was unparalleled.

AOL officially shut down AIM in 2017, but its basic principles still drive electronic communications through mobile messaging apps. You don’t need to know someone’s phone number or email address; a connection through social media could be enough. Because they are cloud-based, we can use messaging apps anywhere, on any device, with or without IT approval.

However, as our dependence on mobile messaging increases in the workplace, so do the security risks. What IT and security departments don’t know about your messaging use could result in all sorts of cyberthreats, as well as General Data Protection Regulation (GDPR) violations.

Who Is Using Mobile Messaging Apps?

According to the “Mobile Messaging 2016” report from the Mobile Ecosystem Forum, 66 percent of workers have used a chat app to communicate with a business. When you count SMS apps, that number rises to 74 percent. Connections with health providers and financial institutions appear to be the most common consumer-to-business communications, and more than half of mobile users choose Facebook Messenger as their preferred app.

If consumers are using these apps to reach out to organizations, you can assume that your employees are doing the same — and likely on your network. If they’re communicating with other business operations for personal use, they’re likely communicating enterprise information via these same mobile apps.

Unfortunately, this is risky behavior. According to research from Infinite Convergence, 44 percent of employees use an unsecured messaging app during their work day. In fact, workers like the convenience of these apps so much that they convince themselves they are secure: 23 percent of respondents in the finance industry said they believe these apps represent the most secure form of communication, and 33 percent in the legal industry said that messaging apps are their preferred means of sensitive communications. The problem isn’t just that nearly half of users are communicating via unsecured apps, but that these apps aren’t built with security in mind.

How Can You Recognize the Risks?

Despite the rise of mobile messaging as a business communications tool, organizations have been slow to create security policies for the apps. As Computer Weekly reported, even as messaging apps have overtaken other forms of communication such as email and voice calls, 62 percent of companies have not changed their policies regarding employee messaging service usage in the past six month. Furthermore, the vast majority are using these apps on their own devices for business purposes, making security monitoring even more difficult.

At the same time, we’re seeing an uptick in the use of mobile messaging as a way to spread malware. For example, Trend Micro reported that threat actors are using Facebook Messenger to spread the FacexWorm malware, which is designed to steal passwords, and Kaspersky Lab reported a vulnerability in the Telegram messaging app that allows cryptojackers to spread malware and take over devices to mine certain types of cryptocurrency.

On top of everything are persistent GDPR concerns. Enterprises conducting business with European Union (EU) citizens must ensure the messaging apps they use are GDPR compliant. For that reason, many organizations in the EU have simply banned popular commercial messaging apps, according to GDPR.Report.

Why You Should Employ End-to-End Encryption

The harsh reality is that employees will continue to use mobile messaging apps as a favored form of business communication no matter how many policies and regulations forbid it. One possible solution is to implement end-to-end encryption to secure messages between only the sender and intended recipient.

However, encryption technology isn’t foolproof. If an attacker does manage to install keylogger malware, he or she can still pick up the input text from one end or the other. Plus, if the app is used across multiple devices, it dilutes the data security. Encryption works fine during a one-to-one chat, but it breaks down in group chats, as reported by SC Magazine.

In addition, encryption doesn’t address poor human behaviors. When malware and social engineering attacks are spread through messaging apps, we make the same mistakes we make when using email and social media. And individual encryption methods are occasionally cracked; be sure to periodically update organizationally approved end-to-end encryption technologies accordingly.

Chief information security officers (CISOs) and other security executives need to consider security policies that address the risks found in mobile messaging apps, either directly or through bring-your-own-device (BYOD) security policies. The better employees understand the risks to both network security and data privacy — and the options available to mitigate those risks — the safer use of these apps will be.

More from Data Protection

Data Privacy: How the Growing Field of Regulations Impacts Businesses

The proposed rules over artificial intelligence (AI) in the European Union (EU) are a harbinger of things to come. Data privacy laws are becoming more complex and growing in number and relevance. So, businesses that seek to become — and stay — compliant must find a solution that can do more than just respond to current challenges. Take a look at upcoming trends when it comes to data privacy regulations and how to follow them. Today's AI Solutions On April…

Defensive Driving: The Need for EV Cybersecurity Roadmaps

As the U.S. looks to bolster electric vehicle (EV) adoption, a new challenge is on the horizon: cybersecurity. Given the interconnected nature of these vehicles and their reliance on local power grids, they’re not just an alternative option for getting from Point A to Point B. They also offer a new path for network compromise that could put drivers, companies and infrastructure at risk. To help address this issue, the Office of the National Cyber Director (ONCD) recently hosted a…

Why Quantum Computing Capabilities Are Creating Security Vulnerabilities Today

Quantum computing capabilities are already impacting your organization. While data encryption and operational disruption have long troubled Chief Information Security Officers (CISOs), the threat posed by emerging quantum computing capabilities is far more profound and immediate. Indeed, quantum computing poses an existential risk to the classical encryption protocols that enable virtually all digital transactions. Over the next several years, widespread data encryption mechanisms, such as public-key cryptography (PKC), could become vulnerable. Any classically encrypted communication could be wiretapped and is…

How the CCPA is Shaping Other State’s Data Privacy

Privacy laws are nothing new when it comes to modern-day business. However, since the global digitization of data and the sharing economy took off, companies have struggled to keep up with an ever-changing legal landscape while still fulfilling their obligations to protect user data. The challenge is that there is no one-size-fits-all solution regarding data privacy's legal requirements. Depending on the location and jurisdiction, data privacy laws can vary significantly in terms of scope and enforcement. But while the laws…