WhatsApp and similar consumer messaging apps are widely used for business purposes. Such messaging apps are often part of the shadow IT in an enterprise. These apps have significant weaknesses in security, compliance, administration and business productivity. If you use WhatsApp and Co. in an enterprise environment, these weaknesses can lead to
substantial damages for your business. This white paper describes the disadvantages and quantifies the potential damages of using WhatsApp and Co. in an enterprise.
1. Compliance Violation
Several industries deal with strictly confidential and sensitive information, and data deserving protection for various reasons. Businesses in these sectors regularly have to fulfill specific compliance standards. In the USA, for example, healthcare enterprises have to meet privacy rules of HIPAA, and financial services businesses have to comply with data audit, archiving and retrieval rules of SOX. In other countries there are similar laws and legislation, which basically ban the usage of WhatsApp for business purposes, since such consumer messaging apps cannot ensure legal compliance.
In case of non-compliance, an enterprise not only faces high legal costs but also fines and indemnification payments. Damages sum up to €50-100K quickly and can reach €1Mio., or even more.
2. Breach of Data Protection Law
Fines start around €10K for a single misdemeanor and can quickly reach up to several €100K.
3. Full Liability with No Chance for Exclusion
Things get more problematic, because WhatsApp states in their terms that the app may be used for personal use only. So based on the current terms a business use of WhatsApp is actually forbidden. Thus, in addition to the licensing issue (see below), your enterprise will be completely liable. If something negative or unforeseen happens with the data of business partners and customers, and they suffer any damage, they can claim full compensation from your enterprise.
4. Theft of Corporate Data
If WhatsApp is applied for business purposes, in the app there will be a mix of private and enterprise chats. While this is far from optimal from a productivity point of view, this is as well critical from a security point of view. The mix of private and business communication enables plain security breaches and direct theft of corporate data. Users can simply copy and paste or forward sensitive corporate data to people from outside the organization, without your enterprise noticing.
The usage of WhatsApp makes it impossible to protect any confidential business Information and intellectual property. Damages can quickly approach couple of €100K. If intellectual property like research and development data gets stolen, these damages can reach many millions.
5. Loss of Corporate Data
WhatsApp does not provide a mobile application management or security layer to prevent data loss. So if a mobile device gets lost or stolen, your enterprise cannot remotely delete or remove the confidential business data in WhatsApp from the device. Only if you have an additional mobile device management or enterprise mobility management solution installed on the device, this can offer a way to completely wipe all data and apps remotely. Besides the access to a WhatsApp account of an employee cannot be blocked by an IT administrator. In the standard case where an employee leaves the enterprise, this user could still access all business information in chats in WhatsApp, and actually continue to participate in the exchange of confidential information with former colleagues and teams. In the case where a mobile device gets stolen, a thief could continue to use WhatsApp with the identity of the original account owner. This identity stealing would enable a thief to further gain confidential enterprise data from business colleagues or engage in other criminal activity. These kind of incidents cannot be solved by your enterprise, when using WhatsApp for business purposes. And all these scenarios can lead to significant loss of corporate data and to extensive damages.
6. Productivity Loss
WhatsApp is not available cross – platform and lacks tablet apps as well as professional desktop clients for e.g. Windows, Mac and Linux. The desktop apps of Whatsapp are only “companions” of the smartphone apps, require a constant internet connection to your smartphone to work and have security risks for enterprises. Without tablet apps and professional desktop clients many workers loose productivity, business processes are not enabled and team collaboration cannot reach its full potential. A lot of work is done on laptops, tablets and desktop PCs, and an enterprise requires a messaging app that makes all business use cases possible, improves team communication and accelerates workflows on these devices as well. As noted above WhatsApp applied for business mixes private and enterprise content. That means you will have an unstructured combination of private and business chats and all related information within WhatsApp. On the one hand this mixture makes it difficult to get a quick overview of important priorities within your enterprise. Thus, you need more time to access business critical information and to drive work. On the other hand this mixture does not enable a clear focus on business activities and will distract you. Consequently due to these limitations of WhatsApp you and your colleagues loose time. Altogether, in comparison with a dedicated enterprise messaging app, the usage of WhatsApp for business results in a substantial productivity loss.
7. Inefficient Workflows
WhatsApp does not integrate or connect to the enterprise IT ecosystem. To start with, WhatsApp does not support enterprise file sharing solutions, which is a very broad business use case. In addition, an enterprise requires other business critical integrations into systems like ERP, CRM, accounting, HR, manufacturing, logistics and many more, which WhatsApp does not provide. This means that e.g. you cannot easily exchange corporate documents with colleagues and teams, you cannot directly distribute reports out of your CRM, you cannot automatically share analysis from your business intelligence software, you cannot get real – time information from your project management software on progress and next steps, you cannot receive instant updates from your ERP on required decisions and approvals, and so on. Obviously, all of this gives rise to inefficient workflows, weak information exchange, lack of coordination, business disruptions, unstable operations and ineffective processes. An important aspect of leading business operations is a connected, seamless and integrated
IT system in order to ensure streamlined processes, automatic information exchange, reduced risk and efficient workflows across the enterprise. Due to lack of enterprise features, the usage of WhatsApp for business cannot satisfy these
expectations. The results are increased costs, higher risks and considerable revenue loss for your enterprise.
8. Interruptions of Operations
Generally WhatsApp is a reliable consumer messaging app, and there aren’t many downtimes. Still, in the business world if a user has a problem or if things don’t work as they should, these interruptions can cause workflows to be delayed or completely fail. Therefore businesses require enterprise support for a messaging app, which WhatsApp does not offer. If WhatsApp is used for mission-critical processes, the potential damage can be significant and can bring about higher operative costs and even fines from customers and partners.
9. Technical Damages
It is technically possible to use WhatsApp to distribute a virus or other vicious malware. As a result a mobile device might stop working properly, the IT infrastructure of a business can be damaged, the security of a user can get compromised, or confidential enterprise and customer data might be stolen. While these kind of incidents are more likely to happen on operating systems with security weaknesses, the consequent damages can be very substantial and should not be underestimated.
10. License Violation
As noted above already, WhatsApp’s terms clearly state that WhatsApp may be used for personal use only. Accordingly, if your enterprise applies WhatsApp for business purposes, this is actually a contract breach. Potential license and copyright damages could lead to considerable fines for your enterprise according to civil law. The license violation might also be a compliance issue for the management of your enterprise, if control mechanisms were not properly implemented or adhered to. This can be an offense as well and cause additional penalties. Overall, it should be clear that the potential damages by far outweigh the potential benefits of using WhatsApp for business purposes. The usage of WhatsApp and similar
consumer messaging apps in an enterprise environment cannot be recommended at all. In order to avoid the described damages and achieve enterprise-grade security and productivity, a business should choose a dedicated enterprise messaging app like Teamwire.