Messaging Apps Create New Privacy Headaches for Banks

Many businesses have benefitted from the proliferation of mobile devices and text messaging apps that facilitate quick, round-the-clock communications. However, these technologies can make it difficult to monitor and control the unauthorized distribution of confidential data. This is critically important in highly regulated industries like banking.

To give you an idea of how messaging apps have caused headaches for banks, on March 30, UK regulators fined a former managing director of Jeffries Group for divulging confidential client information. The banker, Christopher Niehaus, shared confidential information with two friends using WhatsApp, a popular messaging app. The exposed information included the identity of client, the details of a deal involving the client, and the bank’s fee for the transaction.

It’s somewhat surprising that the breach was discovered at all. Because data sent on WhatsApp are encrypted and Mr. Niehaus used his personal mobile phone to send the messages, Jeffries Group only viewed the communications—and subsequently informed regulators—after Mr. Niehaus turned his device over to the bank in connection with an unrelated investigation.

Many banks use tools to monitor data sent to and from company-owned devices and e-mail accounts. However, companies cannot read messages delivered on programs offering end-to-end encryption, like WhatsApp or Apple’s iMessage, even if the information is sent on a company-owned device or network. Therefore, policies and tools intended to protect confidential information can be circumvented by employees using common texting apps.

Companies utilizing “bring your own device” practices face even greater risks. Even though end-to-end encryption may safeguard data from hackers, confidential information is often exposed when a device is lost or stolen. Remember, most data breaches are caused by lost, unencrypted, devices and employee errors than third-party attacks.

Given the growing popularity of encrypted texting apps, employers need to accept that they are not able to monitor all of their employees’ electronic communications. Data monitoring tools won’t save you. That means it’s vital to enact and enforce up-to-date confidentiality policies.

Employees may not understand that workplace confidentiality policies extend to communications on personal devices. Remind them to treat messages like public in-person conversations and refrain from discussing confidential information on messaging app. Now more than ever, training employees to maintain confidentiality and make smart decisions is the most effective method of preventing damaging breaches.

If you have any questions on encryption, data security, or confidentiality policies contact ITPAC today.