Yet another security puzzle, this time from messaging apps



It seems that every week a new security frontier must be crossed. At the device level, servers were the biggest threat first, followed by PCs, laptops, tablets and phones. But the bad actors moved on; now it seems they are in love with messaging apps like WhatsApp, Signal, and Telegram.

Read more: Top cybersecurity threats for organizations

The pandemic has seen an increase in the number of remote business workers using these apps. Many companies have tried to link employee interaction to trusted channels, such as Microsoft Teams. But just as many have not succeeded. As a result, a large number of users prefer mainstream messaging apps for keeping the boss up to date or interacting with peers.

Blur the lines

The way remote work blurs the lines between personal and professional time doesn’t help. If people use WhatsApp to stay in touch with family and friends, for example, you can see why many are bringing it into their work-from-home lives. Corporate dictates may require otherwise, but users want an easy-to-use communication channel.

Company surveillance reached a whole new level during the pandemic.

Additionally, corporate surveillance has reached a whole new level during the pandemic. Businesses have started tracking user logins, keystrokes, uptime on devices, websites visited, and other metrics. This created resentment and mistrust among users.

Shadow IT of messaging applications

Alternate channels are sometimes used to avoid steering control, or just to stick with Big Brother. A computer shadow of additional messaging channels creeps into it. Unfortunately, this expands the company’s attack surface. And thus increases the risk of data loss, ransomware and other security threats.

“Attempting to meet a market demand for communications has led to a range of rapidly launched applications that are not ready for business or enterprise, many of which have poor uptime and uptime and suffer lack of security, stability and built-in core feature sets. “said Nick Emanuel, senior director of products for Carbonite and Webroot.” Secure messaging protocols are often used by cyber attackers to mask data exfiltration, making it much more difficult for the business to identify that they are under attack. “

Read more: VPN, Zero Trust Network Access, and the Evolution of Secure Remote Working

He added that mainstream messaging apps can include privacy policies that may violate regulatory and company requirements. Thus, end-to-end encryption is recommended for all communications using messaging applications to prevent interception during transit.

End-to-end encryption is not enough

With WhatsApp having potentially questionable privacy policies from a business perspective, Telegram and Signal have emerged with end-to-end encrypted messaging included. “Signal and Telegram have driven growth, proliferation and privacy as key business drivers,” Emanuel said.

But even if an email app uses encryption, many organizations don’t like the idea of ​​corporate data being stored on unattended smartphones. Emanuel recommends banning consumer apps for company activities or putting in place detailed company policies to control them.

Likewise, laptops can be configured to block untrusted communications applications and other services at the firewall or port level. Mobile device management (MDM) technologies can also apply to Android / iOS devices. “Embrace the free flow of communications, but offer more secure ways to make this happen while highlighting the risks,” Emanuel said.

Read more : What is Fully Homomorphic Encryption (FHE)?



Leave A Reply