Since Whatsapp always highlights its privacy and security, this raises some serious questions for its users.
Enterprises and employees, which use Whatsapp for business purposes, ask themselves if they can rely on the encryption and security of the platform?
Businesses disclose much more information than it might appear.
Let’s have a look at the encryption question first. Let’s assume some security experts are right and this is a small vulnerability, which can only be exploited in exceptional cases. Does that mean overall the encryption is still secure for businesses? The answer for most enterprises is clearly no. Whatsapp does only encrypt the messages, but not the metadata.
Thus Whatsapp e.g. knows who you communicate with, how often you communicate with them, how long you interact with them, which 1:1 and group chats you are part of, etc. Normally this metadata is actually more important than the messages itself.
That’s why intelligence agencies love the metadata. Metadata gives Whatsapp an excellent overview of your social and – in this case – your business relations and their importance.
In addition, in many cases, the metadata easily gives a clue about the end-to-end encrypted content. For example, when you communicate with a specific supplier, it is clear that you are interested in a certain component. When you intensively exchange with a customer, it is obvious that he is interested in buying your product. When you talk to a certain consultant, you probably look for advice on a topic.
When you consult a specific doctor, you probably need special medical aid. When you regularly connect with a competitor, you might contemplate a merger. And so on…
In summary, it can be said, that by using Whatsapp businesses potentially disclose much more information than it might appear.
And all this data will end up with and be used by Facebook.
Businesses do not meet their security, Data Protection and compliance requirements.
Now let’s talk about the second part of the question: Does Whatsapp provide security, data protection and compliance for businesses? Again, the answer for most enterprises is clearly no. This can be easily shown by asking a list of questions:
- Does Whatsapp provide strong data protection required by businesses? No.
- Is the privacy policy of Whatsapp made for the requirements of European enterprises? No.
- Does it ensure minimal data usage and not storing address books? No.
- Is it hosted in a European data centre (or ideally in the country of a business)? No.
- Is Whatsapp compliant with the EU General Data Protection Regulation (GDPR), which enterprises have to fulfil? No.
- Does the usage of it ensure legal compliance required by businesses? No.
- Can enterprises using it prevent mixing private and business communications? No.
- Can enterprises using it prevent mixing private and business contacts? No.
- Can businesses using it prevent the distribution of confidential information to external people (e.g. data
theft)? No. - Can an enterprise manage and control the access of its employees to Whatsapp? No.
- Can a business block the access of an employee to Whatsapp in case of a data loss prevention scenario? No.
- Can enterprises configure communication rules for its employees and units for Whatsapp? No.
- Can a business control the data and content shared via Whatsapp? No.
- Can an enterprise configure data protection and compliance policies for Whatsapp? No.
- Can an enterprise archive the chats of Whatsapp for audit reasons? No.
- Does it support mobile device management or enterprise mobility management solutions? No.
- Does it provide mobile application management? No.
Actually, there are even more questions on the security, data protection and compliance of Whatsapp, that businesses could ask. If you have a look at our blog posts on the disadvantages and damages of the usage of Whatsapp for business purposes, you will get a good idea of what other topics are important
for your enterprise.
Whatsapp does not provide the security, encryption, data protection and compliance required by businesses.
For secure, private, protected and compliant communication with colleagues and teams, businesses need a dedicated enterprise messaging app like Teamwire.
