Request demo
October 10, 2022

Are You Using Unauthorized and Non-compliant Channels for Sensitive Information Sharing?

Are your sensitive communications encrypted, restricted, trackable, and compliant? That's the question circulating in the finance sector, as massive fines are hitting financial businesses due to personnel discussing deals and trades on their personal, unauthorized devices and communication apps – and then deleting the messages afterward. 

Unencrypted and untrackable communications are a serious vulnerability

Wall Street companies have been fined over 1,8 bln dollars this year for violations like these, and U.S CFTC Commissioner, Christy Goldsmith Romero, strongly condemned similar activities in her statement, accusing these practices of jeopardizing market integrity and violating the law.  

She also pinpointed the fact that this illegality “…was disturbingly widespread, evasive, directed or sanctioned by senior bank executives, and a clear violation of the law and internal bank policies.” 

The widespread use of unauthorized communication channels is a serious security issue. For example, have you ever thought of how many people you are sharing your business communication with? The number is probably much higher than you think.  

To help you assess the security level of your own communications, try to answer this question: Which of these statements apply to your communication style? 

  1. I send sensitive data over WhatsApp, Wicker, Signal, text messages, or similar applications.
  2. I regularly delete the messages I have sent.
  3. I use end-to-end encryption for sensitive communications. 
  4. I can authenticate the recipients before allowing them access to the sensitive data.
  5. I can authorize, restrict, and allow access to business-critical data according to different data classification levels.

If statements 1 and 2 apply to you, you’re practicing a communication style that can lead to data leaks and non-compliance. If you agreed with statements 3, 4 and 5, you’ve got it covered and your communication style supports good practices.

Messaging applications or regular SMS are not secure enough

Let me elaborate.

Using popular instant messaging applications, like WhatsApp, is a very risky business for sensitive information sharing.  

WhatsApp is owned by Facebook, the company whose track record for keeping information private is not great. Their business model is based on sharing information, not protecting it. WhatsApp has its uses, but it’s not the tool to use when sharing your company’s business or trade secrets. 

Many people think that switching from WhatsApp to traditional SMS will protect their data and information, but the unfortunate fact is that traditional text messages are not very private or secure either.    

When using traditional SMS, the messages you send are not end-to-end encrypted. Also, mobile operators and service providers can potentially see the content of your messages as the messages are stored in the service providers' systems and data warehouses.

Secure your sensitive communications with the right tools

Going back to the question above - the best answer is to preserve a solid track record of your business communications for auditing and forensics while being in control of your data and content yourself (statements 3, 4, and 5). 

You should use a solution that: 

  • boasts robust end-to-end security for communications across organizations 
  • identifies and verifies any user sharing sensitive information 
  • allows you to restrict access levels and additional authentication methods as per the sensitivity level of data (confidential, restricted, secret) 
  • works like your everyday online collaboration tools but with government-grade security 

This enables you to preserve your business communications, fulfill record-keeping requirements, and share the communications only with the intended recipients. 

At SSH, we understand that compliance with laws and regulations is crucial to keep your operations going – whether you use on-prem tools, the cloud, or a hybrid approach to data management. The mission of our SalaX Secure Collaboration 2024 Suite solution is exactly that – stay compliant while processing, storing, and sharing data with the right people.

Learn more about SalaX Secure Collaboration 2024 Suite >>>

Learn how we help our customers secure their sensitive communications >>>

 

Maarit Asikainen

Maarit Asikainen is business manager with strong background in software and IT industry. She has worked with major companies like Nokia, Telia and EVRY in marketing, sales and business development roles. She believes that the interplay among strategy, offering, brand, and customer understanding ultimately fuels the...

Other posts you might be interested in