Relying on free tools for your critical communications is a risky business and is very likely to compromise, security, administration and the ability to contact your employees when you need to most.
The threat is still present
The terrible terrorist attacks that took place on Christian churches and hotels in Sri Lanka in April were a wake-up call to anyone who thought that the military defeat of ISIS on the ground in Syria heralded the end of the global terror threat from that particular organisation. The terror attacks on the Muslim community in Christchurch, New Zealand, were another rude reminder to those who thought that only ISIS provided a threat of this nature. The truth is that the threat from terrorist attacks was present in many locations around the globe long before ISIS was created and will continue to exist even when that organisation has faded from memory.
A new and noteworthy feature of both the New Zealand and Sri Lanka attacks is the impact that they had on social media in those countries. The Christchurch incident was, of course, notoriously live-streamed on Facebook by the attacker. This led to condemnation of Facebook itself for its slow response to the unfolding events by the government in New Zealand and the possibility, subsequently raised by the company, of self-imposed restrictions being placed on who can live stream on the platform.
All social media was suspended
The Colombo attacks led to the immediate suspension of all social media in Sri Lanka by the government, on the grounds that it could be used to spread panic, fake news and possibly incite further violence in the country. Facebook, WhatsApp, Snapchat and Instagram were all among the platforms that were suspended for more than 48 hours.
One impact of this suspension was to hinder families and friends in their search for information about loved ones who were missing. Facebook Safety Check was just one of a growing number of free social media emergency tools that was affected by this decision. Another impact was to prevent companies who use social media to communicate with their employees during critical events from being able to contact them.
Why free tools are risky
Relying on free social media tools, such as WhatsApp or Facebook, for your critical communications is a risky business. Here’s why:
- Free tools, such as WhatsApp Groups, lack administrator control over what happens to the information that is shared via the application. Any media attachments, such as videos, are downloaded as default to all user devices and can easily be shared outside of the platform.
- This is a seriously risky business if you are sending anything that you would regard as confidential. WhatsApp makes a big deal of its end-to-end encryption, saying that not even they can see what messages you are sending. But this security function is completely bypassed if someone is forwarding on your messages outside of your control.
- You also need to consider what could happen to your data if any of your group users loses their device or has it stolen. Neither you nor they can remotely disable their WhatsApp account away from the device on which it is held. Only WhatsApp can do that themselves upon receipt of a request. Even if the SIM is disabled, the WhatsApp account can still be accessed using wi-fi. This means that you are reliant on every user within your group acting promptly to notify WhatsApp. If they act at all, most people will simply disable the SIM, which leaves all of the messages, media attachments and contact data from the group account accessible on the compromised device.
- Free social media tools are not built to the scale needed for corporate communications. Although WhatsApp has now increased the maximum limit on group numbers from 100 to 256, this is still clearly not enough for all most enterprises when you consider the need to contact not just employees, but suppliers and customers as well. The only way around this is to create multiple groups, which quickly becomes both impractical and inefficient.
- Tools such as WhatsApp lack enterprise grade administration. This means that they have no administrator portal to ensure easy roll-out to all employees, no monitoring of traffic on the platform, no enforcement of company-wide communication policies, no user management, no corporate user support, and they lack comprehensive access control and compliant archiving.
- Even when these social media platforms are working they lack enterprise class security and administration. But if you are relying on a communication tool that has the possibility of being suspended by national government in the wake of a major incident, as happened in Sri Lanka, then you really are putting all your eggs in the wrong basket.
Enterprise grade security and administration
As a tool for talking to your friends, or even your work colleagues about low level non-critical issues, WhatsApp is a great free tool. We all use it! But if you are thinking about translating that personal use into critical business communications, please think again. It has not been designed as an enterprise application with enterprise class security and administration. To provide these functions is expensive and does not fit into the freemium business model.
There are critical communications platforms on the market that provide enterprise class security, administration, do not expose the business to unacceptable data security risks and utilise multi-channel communications that can guarantee the critical message gets through, even when one channel such as social media gets suspended. If you do not use them then you could be risking a loss of contact with your employees at a critical moment.
Shalen Sehgal
MD, Crises Control
This article was first published in the Autumn issue of City Security Magazine. You can read other articles from the issue here.