As many worked from home, accelerated by the pandemic and technology, it has been particularly difficult to avoid a growing threat posed by employees who have utilized private E-message platforms to conduct company business.
Private E-message platforms – email and instant messaging – which include WhatsApp, Telegram, Slack, Hangouts, Signal, WeChat, Messenger, Viber, Gmail, Yahoo and others – are prime targets for regulators or adversaries.
They can be misused when sensitive information about deals are shared. In most cases, these platforms are not authorized for company use because they fail to comply with policies for storing and maintaining records.
Media has well-covered the Securities and Exchange Commission (SEC) and Commodity Futures Trading Commission (CFTC) actions cracking down on potentially inside and secret information sitting on private E-message platforms of top banker’ and trader cell phones… or other devices. Significant sanctions are close.
Boards and corporate management must take this opportunity to educate and train personnel about the use of electronic correspondence.
E-message platforms are growing exponentially. Several years ago, WhatsApp stated it had two billion active global users, ranked as the most used global mobile messenger app with more than one hundred billion messages each day, outpacing Facebook, Instagram, Twitter and LinkedIn.
Shift in Focus
While the world focused on growth and politicization of social media, the metamorphosis of private E-message platforms has been somewhat unnoticed.
E mails have been prevalent for business use internally and externally. Notice, however, people are increasingly turning to informal, instant messaging, which was mainly used for personal activities, but now extend to colleagues, clients, customers and other constituencies.
And these platforms are owned by, and in the control of individuals, not the company. These services experienced enormous digital growth with little personal cost and with ease of use……E-message systems are easily engaged, and seem to be confidential, safe and secure as company systems. They are not.
Alternative E-messaging platforms avoid critical guardrails built for traditional emails and official company communications. In most cases, they lack security, monitoring and archiving functions which are important to any business or regulatory authority.
While companies have been devoting time and significant resources protecting systems against outside hacks and viruses, many missed the simple fact that staffs, working from home, created a new informal culture and developing a new Trojan Horse.
And a corporate edict from on high banning use of these E-message platforms …. will not solve the problem. Unfortunately, employees will undoubtedly move to another or new unauthorized platform where they believe they are not being watched.
Corporate handbooks and policies need to be updated. But that is only part of the solution.
Safe and smart writing must be part of curriculums in business schools and in-house corporate courses. Boards and management must continue to educate and train employees on best practices when sending any communication. Everyone must understand they risk careers, company reputation and could create serious costs when clicking or sending messages outside of approved channels on personal platforms.
Training will renew dos and don’ts of crafting messages, rules of etiquette, buzz words to avoid and the need to protect sensitive data. However, this is not a one-time undertaking.
As technology rapidly advances, especially during this time of the great resignation, with employee ranks at all levels turning over at record numbers, boards and management must stay ahead of this challenge and not play catch up when regulators come knocking.
If oversight fails to meet this challenge — companies risk not having records of employee actions or inactions, as well as the knowledge of what is promised or said. Additionally inappropriate or illegal behavior will be hidden behind the veil of these E-messaging apps, and substantial fines, sanctions, lawsuits and reputation damage will ensue.
And, if the company winds up in litigation, it could be caught flatfooted when an adversary has the only copy of the smoking gun, and the company is unaware of critical records.
A new ticking time bomb which could bring down the house, may indeed be sitting on a computer. But it will not be malware commissioned from a foreign troll – it was internally generated in an electronic message typed by employees on their personal devise.
Moreover, employees who use private communications can walk off with business relationships by sharing content and information with their new employer, and the former employer will be in the dark, not knowing about proposals or deals in the works.
Questions From New Quarters
Some businesses may address this growing threat before regulators come knocking on their door, as they have with the Wall Street firms. But beware…. several company stakeholders –investors, lenders, D&O and other insurance carriers- will be taking a hard look at corporate actions, policies and practices, and on this issue asking: “What’s Up with WhatsApp?” – and what are you doing about it?