The recent departure of Credit Suisse executive Anthony Kontoleon has raised red flags among business leaders and their employees in industries that handle sensitive data, such as banks and financial institutions. If it can happen within a reputable organisation, it can happen to anyone. Kontoleon exposed his company to the threat of losing private information, suffering financial loss, and losing credibility among clients and internal employees. These are the prominent risks that consumer-grade messaging apps like WhatsApp introduce into a company. In the Credit Suisse incident, and in similar stories before it, the situation was completely preventable. Anurag Lal is an authority on this topic and has a deep understanding of what organisations can do to mitigate the threat of cybersecurity attacks and protect their information. For companies that handle sensitive data, it is not a matter of if they will face a cybersecurity threat, but when.
The Credit Suisse story, and many others like it in recent news, proved that even the biggest organisations are still lacking in how they prioritise potential cybersecurity risks. A senior banker was terminated because he communicated with international clients via WhatsApp, inadvertently creating a vulnerability in the company by potentially making client information readily accessible to any bad actors on the lookout for an easy way in. Although the app was not banned by the company, the exchange of information over it was never appropriate; luckily for Kontoleon, no cybersecurity breach occurred. Still, the standards and safeguards surrounding the use of communications platforms in the workplace are ever-changing and will continue to be. In this case, organisations are rejecting consumer-grade platforms like WhatsApp as an appropriate workplace communication method because of their lack of security, the inability to regulate the information being shared, and the ability of attackers to intercept messages where the latest security safeguards, such as end-to-end encryption, are lacking.
From internal company policies that prepare for a potential threat, to the ability to recover from an attack, it is clear that enterprises are playing catch-up rather than taking a proactive approach to this very real threat with significant consequences. With each day that organisations continue to use unsecured communication methods, cybersecurity attacks become more technologically advanced, and bad actors quickly learn to spot vulnerabilities within sectors that handle sensitive information. This sensitive information carries a high price tag, and it would be naïve to think that attackers will let up on their efforts to develop new ways to intercept this communication.
One of the biggest issues causing confusion is where to place the blame, but the truth is that the blame falls on everyone. The Credit Suisse case is both a breach of trust and a breach of information by an employee. At the same time, the organisation should have known better than to have such lax and vague communication policies for handling such sensitive and important information. When the risks are so high, it is well worth it for a company to be educated in maintaining best practices across the board, including communication methods.
While these consumer-grade platforms are convenient, efficient, and even familiar because they are often used for personal communication, it is irresponsible to overlook methods of communication that completely remove the risks that landed Mr Kontoleon, and others like him, in hot water. These consumer-grade applications compromise the security of the user and the organisation, and they often breach the regulatory requirements specific to their industry. While it seems like an innocent mistake, born of the habit of using a familiar platform to quickly share an update with a client, that one small piece of communication instantly puts an entire organisation and the client at risk and compromises valuable information. On the other hand, enterprise-grade communication methods exist that allow users to keep the same ease and functionality they have with current platforms, while adding encryption, security, and control that also keep them compliant with regulatory obligations. One would expect a senior-level executive to prioritise and use more secure solutions, but these situations have been increasingly present in the recent news cycle, especially in the financial sector.
At the bare minimum, business leaders should take responsibility for implementing a cybersecurity policy that is proactive in identifying potential threats and includes an educational component that enables employees to recognise phishing and SMS phishing, or ‘smishing’, attacks. Additionally, organisations should focus on a holistic approach to cybersecurity protocols instead of playing catch-up while recovering from the many potential losses. It is crucial to have a plan in place to quickly recover from a potential attack, examine how it happened and which vulnerabilities within the system enabled it, and adapt to avoid the same threat in the future. A good cybersecurity protocol is ever-evolving to keep up with the technological advancements of looming threats. Having a dedicated IT team that is well versed in cybersecurity threats is well worth the investment, from both a financial and an HR hiring standpoint. This is where the responsibility of educating the internal workforce comes in – not just for executives, but for the entire organisation.
The best practice for organisations handling sensitive and valuable data is to ensure that the communication methods in use, both internally and externally, are the safest possible option. This means that these platforms have safeguards such as end-to-end encryption and multifactor authentication. There should be a dedicated team that plans for worst-case scenarios, has a plan in place that quickly takes care of the threat, and continues to update and develop new strategies to ensure the same breach is never repeated. Ultimately, what we can learn from the Credit Suisse story is to be smart and invest in the products that are available to provide appropriate enterprise-grade communication methods, ones with the same capabilities as the platforms that have been causing multiple security breaches and compromising sensitive and valuable information.
NetSfere provides next-generation messaging and mobility solutions for a variety of industries, including healthcare, through its enterprise-grade, secure mobile messaging platform, NetSfere Enterprise. NetSfere Enterprise is a secure messaging service and platform that provides industry-leading security and message delivery capabilities, including global cloud-based service availability, device-to-device encryption, location-based features, and administrative controls.