WeChat and WhatsApp: How to safely embrace these business essentials

In today’s digital workplace, taking advantage of digital collaboration and social media tools is a business imperative. With global social media use greater than ever before, and still very much on the rise, it comes as no surprise that it has embedded itself into the workplace. Just like email, social media and instant messaging apps like WeChat and WhatsApp are becoming business essentials.

We’re all familiar with the shadow IT problem and how many IT departments are still unaware of all the applications and channels their employees are downloading and using for business conduct. Today, the social media channels and instant messaging apps needed to communicate with customers and cultivate new business are both easier for an average employee to use and come with much greater risks. This ease of use and popularity also means that several departments within a company like marketing and sales are both vulnerable to and responsible for preventing a variety of threats that they’re simply not equipped to handle.

For example, WhatsApp and WeChat are two of the most popular messaging apps in the world, with more than 1.5 and 1.08 billion monthly active users respectively. But as we saw just last month,
vulnerabilities in WhatsApp were revealed showing how hackers could change the text of messages and the identity of the sender. As employees connect with clients, business prospects and colleagues on WhatsApp and WeChat and share company information and data, it is vital that companies work to secure that information and all the communications across these channels and platforms.

Companies not only need to protect their employees, customer data and brand reputation from bad actors, they also need to ensure they’re meeting compliance requirements. Given that 80 percent of daily WeChat users are on the app for business purposes, using WeChat is now a de facto requirement for Western companies with business interests in China. What’s also required of Western companies in highly regulated industries? Keeping meticulous records, securing consumer data and information, and complying with various government regulations -- both U.S. and Chinese.

Whether you’re a company in the healthcare or pharmaceutical industry that needs to comply with HIPAA or in the financial services industry with SEC and FINRA reporting requirements, having a way to secure third-party platforms has never been more vital. For example, HIPAA’s Security Rule requires the protection of all individually identifiable health information an entity creates, receives, maintains or transmits in electronic form. As pharmaceutical and healthcare companies turn to platforms like WeChat, it puts companies in a difficult situation: trust the platform (WeChat, for example, has allegedly been involved in cyber espionage campaigns) and risk regulatory violations, or stop using the app and miss out on crucial business opportunities.

The reality is that you can’t rely on a third-party app to adequately protect a company or its employees when it comes to compliance and even legal liability issues. So, what steps can companies take to protect themselves?

First, companies must ensure they have full visibility into all messaging and social media applications employees are using for business purposes, including visibility into all the data being shared. In particular, the IT security department needs to know which apps are being used, what they’re being used for, and have a way to get and secure a record of all that data, including who employees are communicating with. Second, all employees must be given clear training to ensure they know current cybersecurity threats and tactics being employed on third-party platforms. Lastly, companies should implement a data-governance policy that makes it clear what employees can and cannot share in relation to both business and personal information.

WeChat and WhatsApp lie outside traditional cybersecurity perimeters, but that doesn’t mean your company has to stop using them. It isn’t necessary to compromise your business objectives for security. By following basic cyber hygiene, setting up systems and procedures for employees to follow when dealing with messaging apps, and harnessing the right technology, you can retain full control over your corporate data while using apps and platforms that otherwise would present security and privacy concerns.

Image credit: Pe3k / Shutterstock

As the President, CTO and Co-Founder of SafeGuard Cyber, Mr. Freire is responsible for the development and continuous innovation of SafeGuard Cyber's enterprise platform, which enables global enterprise customers to extend cyber protection to social media and digital channels. He has rich experience in social media applications, internet commerce and IT serving the pharmaceutical, financial services, high-tech and government verticals. Mr. Freire has a BS in Civil Engineering, an MS in Management Information Systems and an MBA from the University of Virginia Darden School of Business, where he currently serves as a visiting executive lecturer.