Nobody could have predicted how much COVID-19 would affect our daily lives, including the impact it would have on the way in which we do business.
With companies having staff work from home wherever possible, digital communications became an absolute necessity to keep many businesses open. This shift to a new way of working saw professionals using consumer messaging apps, such as WhatsApp, to stay in touch while working remotely. What they don’t realise is that this leaves them at risk.
As states began to go into lockdown, the use of digital workflow communication tools in businesses has soared. Microsoft Teams’ daily active user count rose more than 37% in a single week, with huge increases also seen across other platforms, including Slack and Zoom.
However, it wasn’t just these tools that saw a big increase. WhatsApp usage is reported to have jumped 40% during the lockdown.
Despite being designed for personal use, consumer messaging apps are frequently being used for professional purposes. However, businesses have legal obligations around privacy, record-keeping, corporate governance, and data protection, which actually makes this type of messaging app unsuitable.
As WhatsApp is the most popular consumer messaging app, let’s take a look at why it’s a risky choice for any kind of business communication.
WhatsApp’s legal terms forbid business use
WhatsApp’s legal terms explicitly state: “You will not use (or assist others in using) our Services in ways that involve any non-personal use.” This means it is not to be used for business or commercial reasons. This reason alone confirms that WhatsApp is not a messaging platform designed for use by organizations.
WhatsApp not compliant with CCPA and other privacy legislation
There are many experts suggesting that WhatsApp is not compliant with CCPA and other privacy legislation, such as GDPR. Not getting explicit consent when adding other users, the inability to delete information after an hour, and not being able to request your own message data, are just some of the reasons that it is practically impossible to use WhatsApp in a data compliant way.
Record keeping of conversations and an audit trail
Businesses have varying degrees of legal obligation to keep records of conversations they have with their employees, suppliers, or other stakeholders in case there are legal challenges or other disputes where they may be required to provide those records. WhatsApp makes it difficult to keep tabs on conversations occurring outside of official channels, so businesses risk failing in their legal obligations by using the app.
Protecting employees and sensitive information
Businesses are required by law to protect their employees. This means ensuring adequate levels of supervision, governance and control are in place to protect against bullying in the workplace, harassment, or other inappropriate behaviours. Again, with users being able to add and remove specific people from groups, these issues can easily go unnoticed.
With WhatsApp, companies do not even know what groups exist, let alone who is in them, or whether former employees or contractors still have access to information that they should not. This leaves them at risk of sensitive commercial information being accessed or shared. WhatsApp states in its terms of service: “Please remember that when you delete your account, it does not affect the information other users have relating to you, such as their copy of the messages you sent them.”
This means that businesses cannot remove messages which might be inappropriate or damaging. Even if a business admin removes a member from a WhatsApp group, they cannot revoke access to a file or link that has been shared unless the user deletes that content manually themselves.
Data breach risks
WhatsApp states that it uses end-to-end encryption, which it does, but only within the messaging app itself.
Data is no longer encrypted when you, or anyone you have been in conversation with, makes a backup to a device, or exports that data, which allows it to be accessed, copied, or shared if not stored securely. With data breaches on the rise, and hackers already exploiting such vulnerabilities in WhatsApp, it’s simply not a safe place to talk business.
Despite its security flaws, the fact that WhatsApp is so widely used has meant that many organizations permit its use in the workplace, even though it is almost always against IT policies to do so.
Alternatives to WhatsApp for businesses
Companies need messaging apps that are simple to use, and free or very affordable, like consumer messaging apps, but with the privacy, security, control and regulatory compliance that is necessary for business use.
Accelerated in part by the Coronavirus pandemic, an ecosystem of messaging apps designed for professional use is emerging. From general-purpose messaging apps suitable for both SMEs and corporates, HIPAA-compliant apps designed especially for healthcare, to apps for highly regulated industries like finance and legal – the majority of sectors can now find a messaging app that is an alternative to WhatsApp while keeping their business safe. If working from home continues to be the ‘new normal’, now is the time for implementation.