Jakub Jirsk - Fotolia

Messaging apps a growing business security risk, study shows

Businesses should introduce urgent policy changes to catch up with the reality of employees’ use of messaging apps, which is a growing security risk, say security researchers

The majority of enterprises are unaware that employees are creating privacy, compliance and security risks by using consumer messaging apps for business purposes, a study shows.

Nearly three in four employees use consumer messaging apps for business purposes, according to the study by 451 Research and messaging firm Infinite Convergence Solutions.

The study found that despite messaging surpassing email and voice calls in mobile business communications, 62% of companies have not made any policy changes in the past six months regarding employee messaging service usage.

“There’s a concerning discrepancy between the rate at which employees are increasingly using mobile messaging and how well companies are regulating and securing this usage,” said Raul Castanon-Martinez, senior analyst, workforce collaboration at 451 Research.

“We expect the number of employees using mobile messaging to continue to grow, and so will the security, privacy and compliance risks. Given companies are already behind in controlling messaging app usage, the time is now to adopt secure messaging services.” 

The study also shows that 70% of employees use smartphones for business purposes and 40% say they perform work-related activities on a smartphone daily, while 58% say their companies allow the use of personal mobile phones.

Only 9% of employees said their companies do not allow the use of messaging services that have not been approved, which means most employees are communicating using a range of consumer messaging apps on their phones that have not been security assessed.

Read more about messaging app security

“The rise of BYOD [bring your own device] policies in the workplace was intended to make employees communication easier and more efficient, but company policies haven’t evolved over the years and are much too lax given how ubiquitous mobile devices have become,” said Anurag Lal, CEO and president of Infinite Convergence Solutions.

“Employees are increasingly relying on mobile devices to get their work done and organisations must put secure, enterprise-grade communication platforms in place for their use.”

According to the study report, organisations appear to be underestimating the risks posed by consumer messaging apps because addressing this issue is a fairly low priority.

The survey shows IT decision makers rank securing corporate and customer data, and managing data growth as top priorities, ahead of addressing the risks of employees using mobile messaging apps and social media networks.

“It is surprising how few companies have made the minimal investment required to secure this important means of business communication,” said Lal.

“Mobile messaging is an efficient, real-time collaboration tool, but the lack of a secure, enterprise-grade solution prevents many organisations from taking full advantage of the benefits with the risk,” he said.

Read more on Hackers and cybercrime prevention