Financial Services Need to Bank on Secure Instant Messaging
Data protection has never been more crucial within the financial industry. With stories regarding high-profile cyber-attacks appearing in the news cycle with increasing regularity, financial firms are facing a new imperative to remain compliant. Ensuring that their communications and data transmission are secure, therefore, must be a top priority for risk management and the safeguarding of systems, process, and procedures.
2018 saw the implementation of regulations such as MiFID II and the General Data Protection Regulation (GDPR), which have given national regulators the scope to levy hefty penalties for financial organizations who are in breach of compliance. IT decision-makers within financial companies that are operating under a stricter data protection regulation need to implement advanced technologies to bolster their infrastructure. As the industry continues to evolve and the workforce spreads across the globe, it is vital that employees can collaborate safely from any place and any device.
StarLeaf commissioned a survey conducted by Vanson Bourne, which included IT decision-makers and line of business managers, on the use of collaboration solutions. Within the financial services sector, the findings revealed that 52% of respondents reported an increase in the use of free messaging apps, such as WhatsApp, and 61% stated it is the most effective way to communicate with remote colleagues, compared to 58% for email. However, the results also showed that 78% of respondents to the StarLeaf survey have serious security concerns around the use of free apps, and 85% reported that the security of their instant messaging apps could be improved.
As free messaging apps grow increasingly popular for colleagues to communicate with each other, financial advisers must, as a priority, look at how this affects their compliance with the relevant regulations. For example, MiFID II specifically highlights that all forms of communication concerning financial transactions are recorded as an auditable trail. However, free messaging apps, like WhatsApp, store the messages on the user’s device, where the company has no access to them for auditing purposes. Therefore, if employees use these apps to communicate with their colleagues, not only may they be in violation of their company policies, they may cause their employers to flout regulations. Firms found to be non-compliant with MiFID II can be hit with fines of up to €5 million or 10% of their annual turnover, which could be devastating for any financial advisory firm, particularly smaller businesses with narrow margins.
The risks of being non-compliant with regulations go beyond financial penalties. Financial firms and advisors guard their reputation very carefully and the impact of sensitive information being stolen through a data breach or a disgruntled employee can inflict serious damage on their brand, as well as affect customer trust.
Ease of Communication
As instant messaging and group messaging becomes increasingly popular and efficient as a workflow, IT departments try to provide messaging solutions, which offer enterprise-grade functionality. Unfortunately, many traditional enterprise tools do not give the ease of use, speed of access, and gentle learning curve of their consumer counterparts. It is therefore understandable when employees migrate to using their personal device and their consumer apps to get work done.
I worked with the IT department of a business that had rolled out an enterprise-grade messaging solution and had seen limited take up from the user base. They decided to create a task team to try and encourage usage and adoption and ironically the team agreed to use WhatsApp to coordinate their efforts. However, I advised them that any tools which store information on the user’s own device, rather than in a secure cloud, means that the company has no access to the content of the chats to ensure compliance.
The Risks of Consumer tools
Consumer tools such as WhatsApp allow the users to create groups of employees to collaborate on projects. However, as these apps are consumer tools, there is no overarching management, so when one of the employees leaves the business, IT administrators cannot remove that employee from the groups in which they have a membership. If an employee leaves the company and goes to work for a competitor, they may still have access to the historic and new content of these group chats, presenting a huge security risk on the business. Former employees that are removed from the group will still have access to all the historical information since it is stored on their phone.
The choice of security
The first step is to work with a vendor that has achieved compliance with the ISO 27001 standard, offering the best authorisation, access, process, and management controls, to give decision-makers the confidence that their collaboration services contain robust security protocols and can protect users’ data.
Robust architectural design is essential for a reliable and secure instant messaging service and, ideally, the core services should minimize the use of third-party shared cloud infrastructure, which eliminates the starkly real threat of their data being affected by vulnerabilities, such as Spectre or Meltdown. Vendors with a robust offering will deliver a 99.999% SLA guarantee.
Reliable team messaging which the users will embrace requires more than the built-in security that the company requires. Messaging platforms should also give users an intuitive experience on any platform they use, whether it’s Windows, macOS, iOS, and Android. Whether one-to-one or group messaging, all devices should be completely synchronized with messages and the sending and receiving of all file types, including videos, images, and documents. Built for business, StarLeaf, for example, offers a comprehensive collaboration tool that is both feature-rich and as easy to use as WhatsApp while giving IT leaders complete control and peace of mind.
Instant messaging can be the gateway to enabling more effective collaboration between colleagues and providing a channel for secure data sharing, improving productivity for financial firms. With financial advisers now responsible for keeping an auditable trail of communications, they need to find solutions that meet the relevant regulations and provide a user experience that the employees can embrace.
Instant messaging is a growing part of our culture of communication, but financial organizations should adopt the right solutions to minimize risk and protect users’ data. Secure messaging engineered for the enterprise enables a more mobilized workforce to meet and message more effectively, as well as retain customer trust.