Messaging apps for business communication: to ban or not to ban?
Consumer messaging apps are hugely popular: around 2 billion of us use WhatsApp, and there is a growing number of alternatives. Messaging apps are a cost-effective and convenient way to keep in touch with family and friends, to organise events and share videos. That said, it can be very risky to use these consumer-grade messaging apps for internal comms at work – although that doesn’t stop people from doing it regardless.
In this article, I’ll explain why you should consider banning messaging apps for business use, and use one of the professional alternatives, instead.
It's easy to understand why so many people use messaging apps for internal comms at work. WhatsApp, for example, is very convenient, and most of your contacts probably use it. However, a quick look at the app’s terms of service show that Facebook/Meta don’t see their most popular app as a business tool. WhatsApp does not permit ‘non-personal use’, and its privacy policy includes data-sharing policies that many organisations will be (or at least, should be) uncomfortable with.
Of course, Meta also sells the WhatsApp Business app and a WhatsApp API, but these are designed for customer engagement and service, not for internal comms.
Nonetheless, people continue to use consumer messaging apps for work, and sometimes their managers know about – even encourage – the practice. They know that even beyond work hours, if a message pops up on somebody’s phone they are unlikely to ignore it. But that may be just the start of their problems.
Messaging apps and your duty of care
In a recent survey of 1,000 UK workers, a staggering 73% said they are contacted by work during their annual leave. Unless those workers were actively logging into work systems remotely (unlikely) they were presumably contacted via ‘unofficial’ channels such as messaging apps. But this blurs the boundaries between work and home and can put the employer at risk of liability if workers cite it as a cause of stress or other workplace-induced illness.
At least if you use a centrally-controlled, work-specific messaging app you can prevent it being used inappropriately and have an audit trail to prove your compliance; with consumer messaging apps, you have no chance of either.
In the UK, 822,000 workers suffered work-related stress or depression in the 12 months to March 2021. The threat of burnout, to staff and businesses alike, is very real; a ban on unofficial messaging could help with this.
Consumer messaging apps put your data at risk
Perhaps the biggest corporate risk you run when using consumer-grade messaging apps, is with the safety and integrity of data.
Even with end-to-end encryption, you cannot guarantee the security of your data. This danger is particularly acute with consumer messaging apps because they are prime targets for cyber-criminals, who have really ramped up their attacks since remote working made it viable for them to access business assets this way. While WhatsApp is the most frequently-attacked of the messaging apps, others are also risky.
Also, whenever your information is sent via private message and read, it may be downloaded onto somebody’s mobile device – a device that you cannot control. The recipient can share, forward, manipulate or tamper with your data, and there is nothing you can do. This is a particular threat with consumer apps, which generally allow group messaging. It’s incredibly hard to know who is in a messaging group at any given time, let alone exercise control over them. Your data could easily be shared with a disgruntled ex-employee, or the former staff member who now works for a rival.
Finally, if you don’t have central control of your messaging, you don’t have control of the information exchanged within it. What your staff think is idle gossip could actually be a commercial secret or reputationally dangerous half-truth. And if you have encouraged a gossipy culture, where people are not held accountable for their use of information (e.g., by permitting the use of unofficial messaging apps), you might find it harder to defend yourself in an audit or tribunal.
Just ask Boris Johnson. Back in 2021 the former prime minister’s phone number was leaked. In the ensuring clean-up information, it was discovered that he had conducted work via messaging apps (including WhatsApp) and apparently failed to comply with policy that required all messages to be copied to a parliamentary archive. In the following year, the Information Commissioner’s Office (ICO) investigation found that government officials’ use of messaging apps and other private channels had compromised the integrity and transparency of internal communications during the Covid-19 pandemic and called for harsher regulation.
Data loss is a risk to your business
Even if your organisation has a similar policy to government’s, i.e., acceptance that messages are sent through non-official channels but a requirement that they should be formally recorded, how certain can you be that all of your data is on record? And this isn’t the only way that you can lose data stored on messaging apps. WhatsApp itself generates the risk of data loss through account deletion; inactive accounts are deleted after 120 days without alerting the user. This could result in your organisation losing data, but not knowing anything of it – until it’s too late.
Missing data is not only a threat in terms of incomplete audit trails – although that can be a disaster if you are audited for regulatory or legal purposes and found wanting due to your use of messaging apps (it cost bankers JP Morgan Chase $200 million). If you have purchased organisation-wide systems to crunch your business data (a very intelligent decision), you cannot link the information passing via consumer messaging apps into this bigger picture. This means that your systems are working on incomplete datasets, and the overview you gain from them will be inaccurate. Only by banning them can you hope to generate a true picture.
Professional, business-focused messaging systems, on the other hand, can be linked into these systems.
What is the solution?
In my view, there is a weak argument for using consumer-grade apps for internal comms (convenience, ubiquity, cost-effectiveness) but a much, much stronger case for banning them. There is simply no need for organisations to be running the risks that accompany WhatsApp and its ilk; there are plenty of communications platforms available that have been designed for business use, and tailored for specific sectors, use cases and devices. These are secure, GDPR/UK GDPR- and DPR-compliant and can be integrated with existing software and systems.
A tailor-made messaging platform offers more than just messaging and video – it reduces risk, protects your organisation from liability, improves the quality of your data analytics, and is a great productivity tool.