‘WhatsApp’ data breach: Business considerations
The recent news that online messaging service WhatsApp was the victim of a significant data breach has caused some consternation amongst employers. The service, and others like it, have proven to be a popular and convenient way for employers to communicate with staff. However, your client may now consider evaluating whether to continue sending sensitive business information through these channels.
Whilst an update to the app has apparently ‘fixed’ this issue, your client should understand that continuing to use WhatsApp, or other third-party messaging services, will always come with a degree of risk. Although developers often release important updates to improve security, recent examples have shown these will not always deter cyber criminals. Furthermore, it may be difficult for your client to stay on top of any updates, given the host of duties assigned to them, and failing to ensure these are installed effectively could jeopardise the security of any communications.
Aside from data protection concerns, your client should also consider that information sent via online messaging services can be difficult to police, meaning this could become a platform for bullying and harassment. It will, therefore, be important to inform staff that, whilst they are free to have their own private chats, any work-related WhatsApp groups must remain professional and free from offensive language at all times. To mitigate this risk, your client should ensure their social media policy remains fit for purpose and gives them the authority to discipline staff for inappropriate behaviour.
Although WhatsApp groups will allow your client to share information and ideas at any time of day, they should consider that reminding individuals about work outside of working time may not necessarily be appreciated. Many individuals like to switch off outside of work and constant reminders about their work commitments could increase stress and decrease morale.
Ultimately, your client should understand that no form of electronic communication is likely to be 100% secure. Whilst this risk can be reduced significantly with the help of a stringent IT department and employee cooperation, your client should weigh up the pros and cons from a business perspective before deciding on how to proceed.