Two decades ago, AOL Instant Messenger (AIM) changed the way we communicate. It was more private than a phone conversation — which was especially great if you worked in a cubicle — and the real-time nature of the conversations was a big advantage over email when you needed an immediate answer. Its convenience, at the time, was unparalleled.

AOL officially shut down AIM in 2017, but its basic principles still drive electronic communications through mobile messaging apps. You don’t need to know someone’s phone number or email address; a connection through social media could be enough. Because they are cloud-based, we can use messaging apps anywhere, on any device, with or without IT approval.

However, as our dependence on mobile messaging increases in the workplace, so do the security risks. What IT and security departments don’t know about your messaging use could result in all sorts of cyberthreats, as well as General Data Protection Regulation (GDPR) violations.

Who Is Using Mobile Messaging Apps?

According to the “Mobile Messaging 2016” report from the Mobile Ecosystem Forum, 66 percent of workers have used a chat app to communicate with a business. When you count SMS apps, that number rises to 74 percent. Connections with health providers and financial institutions appear to be the most common consumer-to-business communications, and more than half of mobile users choose Facebook Messenger as their preferred app.

If consumers are using these apps to reach out to organizations, you can assume that your employees are doing the same — and likely on your network. If they’re communicating with other business operations for personal use, they’re likely communicating enterprise information via these same mobile apps.

Unfortunately, this is risky behavior. According to research from Infinite Convergence, 44 percent of employees use an unsecured messaging app during their work day. In fact, workers like the convenience of these apps so much that they convince themselves they are secure: 23 percent of respondents in the finance industry said they believe these apps represent the most secure form of communication, and 33 percent in the legal industry said that messaging apps are their preferred means of sensitive communications. The problem isn’t just that nearly half of users are communicating via unsecured apps, but that these apps aren’t built with security in mind.

How Can You Recognize the Risks?

Despite the rise of mobile messaging as a business communications tool, organizations have been slow to create security policies for the apps. As Computer Weekly reported, even as messaging apps have overtaken other forms of communication such as email and voice calls, 62 percent of companies have not changed their policies regarding employee messaging service usage in the past six months. Furthermore, the vast majority are using these apps on their own devices for business purposes, making security monitoring even more difficult.

At the same time, we’re seeing an uptick in the use of mobile messaging as a way to spread malware. For example, Trend Micro reported that threat actors are using Facebook Messenger to spread the FacexWorm malware, which is designed to steal passwords, and Kaspersky Lab reported a vulnerability in the Telegram messaging app that allows cryptojackers to spread malware and take over devices to mine certain types of cryptocurrency.

On top of everything are persistent GDPR concerns. Enterprises conducting business with European Union (EU) citizens must ensure the messaging apps they use are GDPR compliant. For that reason, many organizations in the EU have simply banned popular commercial messaging apps, according to GDPR.Report.

Why You Should Employ End-to-End Encryption

The harsh reality is that employees will continue to use mobile messaging apps as a favored form of business communication no matter how many policies and regulations forbid it. One possible solution is to implement end-to-end encryption to secure messages between only the sender and intended recipient.

However, encryption technology isn’t foolproof. If an attacker does manage to install keylogger malware, he or she can still pick up the input text from one end or the other. Plus, if the app is used across multiple devices, it dilutes the data security. Encryption works fine during a one-to-one chat, but it breaks down in group chats, as reported by SC Magazine.

In addition, encryption doesn’t address poor human behaviors. When malware and social engineering attacks are spread through messaging apps, we make the same mistakes we make when using email and social media. And individual encryption methods are occasionally cracked; be sure to periodically update organizationally approved end-to-end encryption technologies accordingly.

Chief information security officers (CISOs) and other security executives need to consider security policies that address the risks found in mobile messaging apps, either directly or through bring-your-own-device (BYOD) security policies. The better employees understand the risks to both network security and data privacy — and the options available to mitigate those risks — the safer use of these apps will be.
