Between January 24th and May 16th of 2016, a managing director at Jefferies International Limited shared confidential client information with his peers through the popular instant messaging app WhatsApp. The intel included, but was not limited to, the client’s identity, the mandate, and the fees Jefferies charged for its involvement in the transaction. Consequently, this director was forced to resign from Jefferies and faced €53,140 in penalty fees.
Closing the Yahoo! finance tab is easy: you quit surfing the web and promptly head to a more productive task. Ignoring the damage to Jefferies International Limited is not as seamless. In this century of increased technology and cyber-security awareness, and all this entails for client confidentiality, how irresponsible and negligent must someone be to boast about client intel and corporate information to friends? The director was not only fired but also put Jefferies’ security and privacy at risk, damaging the firm’s reputation. “I know better than that,” you sigh, shake your head, and reflect. Definitely. Yet the more pressing question is whether you have considered the financial, legal, and brand dangers you expose yourself and your company to when you communicate through insecure messaging apps, such as WhatsApp.
It is easy - too easy - to send comments regarding the last quarterly meeting or a merger document via email or Skype. But accidentally sending this to the wrong person, or becoming susceptible to malware-ridden phishing, opens your organization’s entire network to hacking. It is your right and responsibility to be aware of the dangers of insecure messaging, and furthermore to take the necessary precautions to be sure you are safe from any attack.
Ah yes, e-mail. Everyone uses it, and e-mail is widely accepted as the most appropriate mode of communication for professionals. But if your role involves conducting, planning, or managing the board, corporate governance, investor relations, etc., you are not the average professional. Cyber-criminals recognize that you deal with highly sensitive, confidential, intellectual information and are on the lookout for high-profile individuals such as yourself.
Personal email is reportedly the most preferred method of communication for directors, with corporate email coming in second place, yet neither should be in first, second, or even eleventh place. E-mails are clear text, meaning they are sent and stored without cryptographic protection, so the text sent via email can be obtained and understood by anyone who gets hold of it. This means that Jack the Hacker, who has his heart set on “sticking it to the man” by gathering intel and crippling companies, can see this information too.
Furthermore, in a survey by the Business Performance Innovation Network, nearly 6 out of 10 respondents admitted to the misstep of sending a confidential email to the wrong party or to knowing someone who has. And hey, we’re all human - your personalized e-signature is a great reminder - but routinely sending large amounts of sensitive and confidential information puts your organization at risk. Even well-trained individuals could inadvertently send out information susceptible to being sniffed or captured.
TL;DR: Stop using e-mail for high-level corporate communication!
E-mail has a strong hold on first place for Most Popular Form of Corporate Communication, but it is definitely not the only one. Employees use instant messengers, social media, and a slew of other applications that put at risk not only efficiency but, most importantly, security. App developers face no restrictions or regulations on, and need have no concern for, incorporating security measures of any kind. At any time, they can add or eliminate a range of security enhancements, to your detriment. Developers will have their own best interests in mind, not yours.
What are these risks?
Let’s name a few, shall we?
- Financial loss and fines
- Loss of data, assets, and intellectual property
- Reputation loss and brand weakening
- Breach in customer and stakeholder trust
Trust me, the list is much longer.
Financial Loss and Fines
$61.8 million. That is just the minimum of what Xoom Corporation lost monetarily in 2014 after an email spoofing campaign was unleashed on its finance department. In other words, Xoom employees were sent fabricated emails that duped recipients into thinking the emails were work-related. As a result, hackers were able to fraudulently transfer money to external bank accounts. Furthermore, the audit committee was forced into an emergency investigation by third-party advisors, an added cost to the corporation, and the company’s stock dipped 14%. This is a corporate horror story: using e-mail to send information made employees susceptible to phishing. Are those 5 seconds of convenient messaging worth $61.8 million? For most, they are not.
Loss of Data, Assets, and Intellectual Property
When you are sending information via e-mail or some other messaging application to colleagues, it likely isn’t about last Sunday’s football game or how Jerry’s been looking a little chubby lately - it is going to contain your company’s most valuable, most confidential, market-moving information. Vital data, assets, and intellectual property regarding your company, clients, or future projects travel here. You wouldn’t use a carrier pigeon to carry such information, because the information is expected to be safe, protected, and efficiently delivered. Similarly, insecure messaging apps leave your organization’s property susceptible to infringement and aren’t fit to communicate confidential data.
Reputation Loss and Brand Weakening
A great brand and reputation are increasingly necessary with the rise of social media and endless internet access to customer reviews. If your customers and clients see your company as negligent and as supporting irresponsible and insecure practices, how likely is it that they will trust your company, philosophy, product, or organizational success? The organization will falter in converting leads, keeping customers, and overall efficiency.
Breach in Customer and Stakeholder Trust
We have already seen how Xoom’s stock dipped 14% after its phishing attack, but countless other organizations faced backlash and activism when they failed to protect their data repositories and employee communication. After Sony’s breach in 2014 released private files, passwords, movie production schedules, e-mails, and financial documents, many clients withdrew their business, severely damaging Sony’s customer and shareholder confidence.
So, how do we implement secure messaging practices?
Making secure communications official policy and policing it is only half the battle. The other half is implementing the right technology, one that puts an end to email communication and removes sensitive data from corporate hardware and personal devices.
Communication frequency is the key to reducing risk. Surveys show that only 4% of executive respondents include cyber-security as a topic discussed at board meetings on a monthly basis. Frequency is considered best practice, so let’s get these percentages up.
Continued education. Share updated knowledge about the dangers of insecure communication methods with executives regularly. Make it a point to better understand what offerings are out there through board portals and the value they can bring to the table as part of improving your overall corporate governance practices.
Begin with secure messaging technology. I know. This isn’t particularly easy since systems are often already in place, but directors should be engaged at the outset. When the standard is understood and directors are involved at the beginning, during, and after on-boarding they will be actively invested in ensuring corporate security. Encourage feedback so the team clearly understands what methods work for them and where there is room for improvement – this is particularly important if systems are already in place. Once your communication is secure, ask what adjustments should be made to increase efficiency while still providing an adequate level of security.
Don’t stop at communications – start using a secure document repository for all organizational data! Documents are equally susceptible to breaches and carry heaps of equally sensitive and confidential information. A best practice is to use a workplace productivity platform with a secure document repository included. Workplace productivity platforms leverage artificial intelligence, data analytics, and data communications in order to securely meet the needs of board members and executive teams. Such platforms enhance productivity and security – can’t beat that.
Expectations with no exceptions. Leadership should enforce, abide by, and maintain expected best practices for board communications – no exceptions!
It is not only your right but your responsibility to be cognizant of the dangers and risks of communicating with insecure messaging apps. Stop risking the company’s well-being by messaging information insecurely. Take a stand against this and protect yourself from the Jack the Hackers of the world by implementing safe, secure, and efficient messaging!