Risky Business: Uncontrolled Messaging Apps and Unmanaged Devices

Mar 26, 2025

The recent Signal messaging breach involving senior US government officials highlights important issues for all Australian organisations – Here’s your signal to take action on the risky business of uncontrolled messaging apps and unmanaged devices.

Recent communications failings in the US only serve to highlight the importance of secure communication channels. Whilst media discussion centres around the fallibility of “secure” “end-to-end encrypted” chat apps like Signal, there are far bigger questions demanding our attention here:

  • Who started the group chat to begin with and how did they choose this app?
  • Were approved services or channels circumvented or just ignored?
  • Is the addition of an unauthorised party the result of human error or malicious intent?
  • Where is all that information now sitting if not within organisational (in this case USGov) boundaries?
  • Did ANYONE understand, assess or even consider the risks? Were nobody’s Spidey Senses tingling?

While most businesses may not handle sensitive nation-state secrets on a daily basis, they do handle plenty of other intellectual property, financial and business data, personal and client information and data, insights, advice and opinion that should not – either contractually, competitively or based on plain old common sense – be exposed to the outside world.

The Risks of Uncontrolled Messaging Apps and Unmanaged Devices

The use of unsanctioned messaging and communication apps and unmanaged devices comes under what we refer to as Shadow IT. Shadow IT is risky business that introduces unmanaged risks to your organisation, with serious after-effects ranging from reputational damage and loss of stakeholder trust through to business interruption, fines and legal action.

And yet often the only thing standing between any end user and an incident in the making is an app store and a credit card. This seemingly benign decision – often one made based on urgent necessity rather than with any strategic intent – immediately exposes your organisation, your data and your people to substantial risks that are anything but benign!

  • Data Breaches: Unapproved apps may lack robust security measures, making them vulnerable to cyberattacks. This can lead to leaks and unauthorised access to sensitive company information.
  • Compliance Issues: Using non-compliant tools can result in violations of industry regulations, leading to hefty fines and legal repercussions.
  • Intellectual Property Theft: Unmanaged devices and apps can be exploited to steal proprietary information, which can be detrimental to a company’s competitive edge and financial stability.
  • Operational Disruptions: Cyberattacks facilitated by insecure apps can disrupt business operations, leading to financial losses and reputational damage.

Time to Talk to Your Managed IT Services Provider

As a Managed IT Services provider, every day we see organisations and businesses allowing, tolerating or even promoting the use of personal and commercial communications apps for company communications. Often they’re lulled into a false sense of security by product names with business or enterprise tacked on, or have simply embraced a personal preference suggested by team members. Most businesses are unaware of the risks they face, or that those risks can be mitigated.

Your Managed IT Services provider should already be talking to you about how to mitigate these risks and ensure that your company’s messaging, intellectual property, and sensitive data remain secure. Here are some ways we can assist:

  • Implementation of Approved Messaging Tools: We help businesses transition to secure, compliant messaging platforms within their business communications ecosystems that are managed and monitored to prevent unauthorised access and data leaks.
  • Device and Application Management: Our services include the management of company devices, ensuring they are secure, up-to-date, and compliant with industry standards. Application management on devices can actually prevent certain applications from being installed or run on company devices at all.
  • Employee Training: We provide training programs to educate employees about the risks of using unsanctioned apps and the importance of adhering to company policies.
  • Continuous Monitoring and Threat Detection: Advanced monitoring tools detect and respond to potential threats in real-time, ensuring that any suspicious activity is promptly addressed.
  • Policy Development and Enforcement: We assist in developing and enforcing IT policies that govern the use of company-approved tools and devices, reducing the likelihood of Shadow IT practices.

Next steps

The recent Signal example serves as a stark reminder of the vulnerabilities that exist when using unsanctioned tools.

Let’s have a chat about how to direct communications through your company-approved toolsets and implement measures to safeguard communications, protect intellectual property, and ensure compliance.