While WhatsApp is a consumer-grade application, many people are using it for business purposes. It’s free and it’s easy to use – most people are probably already using it – so it seems like the ideal communication tool, particularly now many employees are working remotely.
But is WhatsApp really suitable for business communication?
Privacy Policy Updates
WhatsApp was acquired by Facebook in 2014. At the time, CEO Jan Koum stressed how deeply he valued the ‘principle of private communication’. However, just two years later, in 2016, both apps announced they would be ‘coordinating more’– but did give users the option to opt-out of sharing their personal data with Facebook.
This time around, there is no opt-out.
Users who want to continue using WhatsApp after May 15th 2021, have to agree to the updates made to its terms and privacy policy. This means being prepared to share their personal information such as names, profile pictures, status updates, phone numbers, contacts lists, and IP addresses, as well as data about their mobile device, with Facebook and its wider companies. Users who don’t accept the new terms will be blocked from using the app. The new policy, which applies to all users outside of Facebook’s European Region (including the UK), also means that simply deleting the app from the device will not prevent WhatsApp from retaining a users’ private data.
Since the privacy policy changes were announced, WhatsApp has now said that it will not be sharing personal data from people who previously opted out of sharing their information with Facebook. According to The Register, this setting will be apparently be honoured going forward next month, even if you agree to the new policy. For all other users though, there is no opt-out.
A WhatsApp spokesperson also said this update ‘primarily centres around sending messages to businesses to get answers and support’, claiming there will be no change in data-sharing for non-business chats and account information. However, there has been much criticism and concern about the update online.
Update: 12th May 2021
Originally, WhatsApp planned to roll out its privacy policy update on February 8th 2021. However, due to huge public backlash and confusion, they opted to delay until mid-May. Through a series of updates, WhatsApp attempted to clarify its position, reiterating that the update is mainly meant for businesses using its messaging platform. But nonetheless, WhatsApp stated that the change would not impact “how people communicate with friends or family” on the platform. The company also specified in a blog post that it would continue to provide end-to-end encryption for private messages, and it didn’t keep logs of its users’ messaging and calling.
However, despite the clarification around data sharing, there are still plenty of reasons why businesses should stop using WhatsApp for business-related communication
GDPR Compliance and Liability
WhatsApp makes it abundantly clear that the app is designed for personal use in their Terms of Service.
“Legal And Acceptable Use. You must access and use our Services only for legal, authorized, and acceptable purposes. You will not use (or assist others in using) our Services in ways that: … or (f) involve any non-personal use of our Services unless otherwise authorized by us.”
After installing WhatsApp on your device, you’ll receive a pop-up asking for your permission for the app to access your contact. It requests that you ‘Upload your contacts to WhatsApp’s servers to help you quickly get in touch with your friends and help us provide a better experience”. Agreeing to this means that all your phone contacts are accessible in the app. The problem is, it doesn’t distinguish between personal contacts and business ones. Your contacts haven’t given permission for a third party to access their personal data, which could be a potential breach of GDPR.
WhatsApp has been clear that is for personal use. Users must agree to these terms and conditions before they can access the service and WhatsApp can access the users’ contacts. Therefore, the responsibility for GDPR lies with the user, not the app.
Individuals who use WhatsApp for any business communications are in breach of the terms of service. This limits WhatsApp liability for GDPR because they have given the user all the responsibility for seeking the permission of their contacts.
Security Risks of WhatsApp
Using WhatsApp for business communications is fraught with security risks too. While the app famously boasts security due to its end-to-end encryption, there have been plenty of reported hacks and flaws.
Just last October, security researchers revealed that links to thousands of WhatsApp chats were accessible online. Although there was a quiet change to stop the links from being indexed by Google, the information was still readily available on other search engines. The group’s title, image, description and owner’s phone number were all readily accessible, you didn’t even need to actively join the group.
WhatsApp communications are also notoriously difficult for companies to monitor. It may be possible if they are taking place on a corporate-owned device, but even then, there are multiple hoops to jump through. Companies could require the employee to surrender the device, but to access the content itself, there would need to be an IT policy that states WhatsApp as an acceptable communication channel for business purposes. Although, this policy would be in breach of WhatsApp’s acceptable usage policy. The IT policy should be crystal clear about the firm’s right to access and for what purposes (ensuring these are proportionate), so the employee has no expectation of privacy.
Things get even more complex if the employee owns the device and WhatsApp has been installed outside of a mobile device management (MDM) container installed as part of a BYOD policy. The same policy that applies to the corporate-owned device could be extended to employee-owned ones as well. However, given the device is owned by the employee and used predominantly for personal use, it is doubtful whether a forced surrender and access could be seen a legally proportionate.
If there’s no BYOD policy in place? Access is near impossible. As a personal device, the employee would have much higher expectations of privacy and there would need to be an extremely compelling reason, akin to a criminal offence, for an employer to try and obtain access.
What should you use instead of WhatsApp?
While you could write WhatsApp into your IT policies as an acceptable communication channel for business communications, you would knowingly be in breach of the app’s acceptable usage policy.
Plus, even with that in place, there is still a myriad of security, privacy, monitoring and accessibility concerns linked to the app’s business usages. That’s before you even begin to factor in cultural problems potentially caused by the informal nature of the app. Employees could post personal messages to work chats by mistake, accidentally share their live location, or information could get lost between multiple group chats.
Instead, it’s much better to opt for a business-grade secure communication solution. Many of these solutions function in the same way as consumer-grade apps, giving users a familiar interface so they can get started immediately, but with much stronger security. Solutions are available across multiple devices and will protect your voice, video and text data in transit and at rest, preventing accidental leakage or malicious attack.
The COVID-19 has had a huge impact on the way businesses deliver IT services to end-users. The lockdown and subsequent restrictions left businesses scrambling to deal with an unprecedented situation where their entire workforce needed to work from home. Most simply weren’t set up for permanent, widescale remote working but had no option but to embrace it to remain operational.
Technology like online meeting and collaboration tools, hosted telephony, VPNs and virtual desktop infrastructure (VDI) saw a surge in adoption as businesses looked for ways to keep their employees connected, productive and secure. Of course, VDI solutions are nothing new. Businesses have been using it for over a decade to deliver desktops and applications to end-users. However, it is seeing a resurgence, both due to current challenges arising from COVID-19 and the maturation of Windows Virtual Desktop. This was highlighted in the recent Spiceworks Ziff Davies 2021 State of IT Report which found 46% of businesses were using or planning to use VDI by mid-2022. Furthermore, 26% of businesses planned to increase VDI deployment specifically because of the new challenges that have surfaced due to the pandemic.
How can VDI solutions help internal IT Teams?
1. Reduced Costs
Delivering desktops through VDI helps reduce the time it takes to provision new desktops. Easy and quick to set up, VDI not only reduces the time required by the IT team and the support costs, but it also provides more immediate value to the business.
VDI can also help IT Managers optimise and reduce their IT spend. Purchasing and upgrading hardware for remote employees is a significant cost, but as a virtual desktop can be accessed from almost any device it can really help slash spend in this area.
2. Simplified Licencing
Software licencing is one of the most common issues for IT managers with remote employees. If an end-user uses a personal device for remote working and needs a particular app to do their job, it’s ITs responsibility to licence this. Not only do multiple licences increase IT costs, but it also complicates licence tracking and compliance. The IT team needs to be able to prove that apps on personal devices are properly licenced and differentiate between corporate-owned software and personally owned software. VDI solutions eliminate this challenge for IT teams by keeping the licenced software within the business’s own data centre and removes the need to track remotely installed apps.
3. Improved Security
Security is a constant concern, even more so with the new threats emerging as a result of the pandemic. It’s a particular issue for IT teams where end users are using personal devices to access company data or systems. There are no guarantees that the device adheres to the company security policy, it may be infected, compromised or running an outdated operating system. However, with VDI, device-level security becomes less important as the user remotely connects a corporate desktop which IT configures to exact security requirements. The personal PC essentially becomes a thin client as all activity takes place in the data centre, with all of the corporate security systems and controls in place.
IS CONFIDENTIAL DATA LEAKING OUT OF YOUR BUSINESS? FIND OUT TODAY WITH A COMPLIMENTARY DARK WEB SCAN
4. Reduced Technical Support Time
IT Managers’ workloads are higher than ever now they need to manage a fully remote workforce on top of their existing responsibilities. VDI solutions make it easier for IT teams to support remote end-users because it puts them in a standardised environment, with the device itself less significant. It also reduces major technical issues and speeds up resolution time because IT teams already have all the information about the user’s virtual desktop systems to hand. Of course, technical issues can still occur with virtual desktop users, but these are usually related to connectivity and performance and are simpler to identify and resolve.
5. Centralised Management
With everything centrally stored, managed and secured, desktop virtualisation streamlines the management of software assets. This makes it easier for the IT team to set up and provide end-users with desktops and applications, no matter where they are located. Administrators can also deploy, patch, upgrade and troubleshoot from a central, singular location, rather than updating end-users’ environments individually.
Are VDI solutions the right choice for every business?
Desktop virtualisation has continually developed over the last decade, but today the main two categories are VDI and DaaS (Desktop as a Service). VDI is suited to businesses who want to host and manage the virtual desktops themselves, on their own servers. DaaS is very similar but removes the need for infrastructure management by delivering it as a cloud service.
Both VDI and DaaS are well placed to deal with the most common challenges of traditional desktop and laptop systems, such as software licencing inventory, ensuring compliance and expensive procurement. Outside of these legacy challenges, both solutions also help businesses deal with IT process concerns, such as keeping up with the rapid pace of change and the time IT staff have to dedicate to routine tasks (e.g. troubleshooting, helpdesk requests).
DaaS has a slight potential edge on VDI due to the shared responsibility of a cloud model. It largely removes the need to manage the physical infrastructure, enabling IT teams to focus on the entire digital workspace and user experience.
The prominent solution that overlaps both categories is Windows Virtual Desktop (WVD). Previous virtualisation options gave businesses limited options over the type of virtual machines they could use to deliver desktops. They had to either compromise on user experience and deploy Windows Server Desktop experiences to achieve the cost benefits of a multi-session. Or, they had to sacrifice on cost and deploy single sessions in Windows 10.
This dilemma, plus the opportunities presented by Azure as a platform, ultimately led to the development of Windows Virtual Desktop (WDS). It’s the only virtual desktop infrastructure that offers simplified management, multi-session Windows 10, optimisations for Office 365 Pro Plus and support for RDS environments. An additional plus, just for IT teams, is the relatively short time to go live. A 100 person business with 4-5 servers could be looking at less than a week to set up from scratch.
Are there any issues with VDI solutions?
However, like any technology option, VDI is not a one–size–fits–all solution. Businesses still need to fully evaluate its suitability for their employees and their ways of operating. For example, while VDI is a good option for remote workers and contractors who need to securely access Office applications, it’s not the best for employees who travel frequently due to latency and VPN issues.
Certain applications also still don’t perform as well in VDI style solutions. Microsoft Teams and Zoom are two of the most widely used conferencing platforms, yet they both have performance issues and limitations in VDI environments. For example, with Microsoft Teams some advanced features may not be available in a virtualised environment, and video resolution can differ. Call and meeting functionality is also only supported on a limited number of platforms. As there are multiple market providers, it’s recommended that you seek consultancy advice or speak to your virtualisation solution provider to confirm you meet the minimum requirements.
VDI is just one element of the technology stack. Don’t forget you’ll need other complementary technologies to address gaps and round out the experience for the end-user if you’re looking to build a fully functioning digital workplace.
The Question
“Our teams have been working from home since March and while overall it seems to be working well, I think some employees aren’t really working as they should be. Should I be using monitoring software to track their productivity?“
The QuoStar Answer
Well, this is a relatively common question and one I’m sure many managers have contemplated in the previous six months. Since lockdown, demand for monitoring software has soared. Searches for ‘employee surveillance software’ are up more than 80% and some providers have seen a threefold increase in demand for their tech.
However, employee monitoring is nothing new. In 2019, over 50% of large organisations were already using ‘non-traditional methods’ to monitor their employees, such as analysing email text, logging computer usage or tracking employee movements. Even employees themselves are beginning to expect a certain level of monitoring and believe it will increase in the future.
Advantages and disadvantages of employee monitoring
The benefits of employee monitoring are probably widely known. Many studies have shown that when people know they are being monitored, they behave in the way they think is expected. In other words, they become more productive.
The real–time data collected by tools can, if utilised correctly, help uncover problems and identify bottlenecks. You can allocate resources more effectively and rework processes to prevent employees from having to spend more time than necessary on certain tasks. It will also allow you to identify employee strengths and weakness, giving opportunity for both praise and further training
A welcome side effect, particularly in the current climate, is enhanced data security. As an example, some tools can alert you to suspicious activity or block certain actions from happening altogether, such as the opening of certain applications.
However, all these potential benefits can be instantly wiped out by a poorly handled rollout. Attempts to be covert or any dishonesty about the true purpose of monitoring will likely be viewed extremely negatively. Your employees may feel that their privacy has been devalued or violated, and like the company no longer trusts them. It may result in diminished morale and elevated stress, harming your ability to retain staff in the long run.
Legal implications of monitoring employees at work
While employers are well within their rights to monitor activity on ‘business-owned’ devices, it’s a fine line to tread. You need to find a balance between employees’ legitimate expectation to privacy and the company’s interests, and there must also be a legitimate purpose for the monitoring.
The Information Commissioner’s Office (ICO) states that employees should be made aware before monitoring begins, told the reasons for its use and how the information collected will be used. Government guidance also states that employers must clearly explain the amount of monitoring in the staff handbook or contract. This includes telling workers if they’re being monitoring, what counts as a reasonable amount of personal emails and phone calls, and if personal emails and calls are not allowed.
You will need to carry out a formal ‘impact assessment’ to justify the use of monitoring tools before any go live. This identifies the purpose of the monitoring and the likely benefits and adverse impact. As part of the assessment, you’ll need to look at alternative ways the purpose might be achieved; look at the obligations that will arise from monitoring; and whether the decision is justifiable (compared to the effects the employee might experience).
If you’re planning to use the information collected as the basis of disciplinary procedures (e.g. an employee being consistently unproductive) then I would also advise seeking legal advice to determine whether you need to amend your employment contracts to reflect this.
Monitoring software raises the age-old issue of data security and privacy as well. The more that is recorded, the more data there is to secure and protect. Just last month, H&M was fined for collecting extensive details about their employees’ private lives, which was accessible to 50 other managers. So, it’s crucial that you understand exactly how your monitoring tool will collect and store information, particularly if this happening on a third-party system. If the data is stored in a different country to where you’re located, you may need to comply with additional regulations.
What technology is available to monitor employees?
If you feel employee monitoring is both necessary and justifiable, then the good news is there are plenty of tools available. I won’t list specific products or providers, but some features you might look out for include:
- Screen Monitoring – Captures real-time screenshots of a computer’s desktop or active window at set intervals, allowing you to see work in progress at any given point.
- User Activity Tracking – Tracks and collects real-time user actions and behaviour data on company networks and connected and monitored devices. Also known as User Behaviour Analytics (UBA), not only can these tools track productivity, they’re important for security as well. This proactive form of monitoring can help you spot suspicious activity and prevent access privileges from being abused. Some tools will also alert when actions you have marked as ‘suspicious’ happens. For example, if an employee tries to download unauthorised software to a work device, the administrator will be notified immediately.
- Internet Monitoring – Automatically monitors employees’ application and web usage during working hours. Reports break down what was accessed and for how long, allowing you to spot if someone’s spending too much time on certain sites. Most tools can also block, deter or limit employees from accessing unproductive sites during working hours. Usually, companies use these tools to block social media, online gaming portals, and entertainment or streaming sites.
- Time Tracking – Records time spent on projects or tasks. These apps are ideal for companies who bill by the hour, allowing for more accurate invoices, but it can also help with resource allocation. Records can help you identify bottlenecks and investigate whether you should amend processes or provide greater support for employees.
- Keylogging – Keyloggers run in the background to track, capture and record all keyboard activity and mouse clicks. They can track activity across a variety of platforms, including email, instant messengers, web browsers and apps. The data collected can provide insight into daily activity, attitude, professionalism and productivity.
- Call Recording – For industries, like recruitment, where communication is necessary for successful outcomes, your telephony system should be able to give you the insights here. Some hosted telephony and VoIP tools offer in-depth metrics including time on the phone, time to answer, who answered which call, and calls made/received/missed.
- Constant Presence Tools – Utilise the webcam to take photos of employees at regular intervals, to check they’re at their desk. With some products, you can see photos all on one screen and click on them to start instant video chat.
- GPS – This may an option if you have employees working at multiple locations or at client sites, as they can allow you to record individual’s hours and locations in one place.
Most software products will offer multiple productivity tracking features, so you don’t necessarily need a purchase a separate product for each one.
Final Considerations
Employee monitoring is a very difficult line to tread. It can never be a simple, blanket yes or no. Every business will need to evaluate the pros and cons in line with their specific processes, operations and culture.
Bear in mind, the current situation is an extreme one. It may be overly simplistic to solely blame ‘remote working’ for impacts on productivity. Employees may have legitimate worries or problems in their personal lives as a result of the pandemic. They might be trying to balance childcare with work, caring for sheltering or vulnerable relatives or their mental health might be suffering. You will need to mindful of the wider circumstances when discussing productivity with individuals, as some may need greater support to achieve their usual ‘office-based’ output.
If this is the first-time employees have ever worked remotely, this is not necessarily an accurate representation of how they would perform in ‘usual’ times. Yes, remote working is not for everyone. Some people much prefer to be in the office, surrounded by their colleagues. Some will always see it as an opportunity to shirk their duties, as there’s no one around to check-in. But I wouldn’t necessarily rush to write off remote working as a complete no-go for your entire business.
If you do decide to go the software route, then ensure you’re transparent about it and be aware of how it might affect your company culture, as well as the legal obligations you’ll need to fulfil.
Just remember that X hours in front of the screen does not equal X hours of productive work. Yes, these shiny new tools that take photos of employees at their laptop and track their GPS location, are great but they alone cannot paint a true picture. Arguably, working hours aren’t the most important thing, it’s the output of those hours. You need to identify meaningful KPIs and regularly track these to really assess an employee’s contribution to the business. A slightly extended lunch or an extra short coffee break in the afternoon might not be the end of the world if the work is still being done.
It’s all about balance at the end of the day.
The notion that a country’s military cyber-division has your business in their crosshairs for a cyber-attack feels ridiculous. Firstly, what could your business have possibly done to warrant such an attack and secondly, why would your business be a target?
Why do state-sponsored cyber-attacks target businesses?
A state-sponsored attack usually has one of three objectives: probing for and exploiting national infrastructure vulnerabilities, gathering intelligence or exploiting money from systems and people.
Directly attacking government or military systems to achieve any of these is hard. Comprehensive defences are in place and so the chance of success is low. But attacking businesses – where senior executives often baulk at the idea of spending money on the security basics – is far easier.
Businesses have become a favourite of state-sponsored attackers because they’re the least defended port into a country through which money or information can be extracted and disruption or unrest can be injected. Yet not all types of business are likely to be attacked.
What types of business should be concerned about state-sponsored attacks?
Let’s be real for a moment and acknowledge that most businesses don’t have to worry about state-sponsored cyber-attacks. Only if you fulfil one or more of the following criteria do state-sponsored cyber-attacks become a credible threat:
- You provide a service that would cause public disruption if it went offline (gas, electric, water, telecoms, Internet, medicine, transport, waste management or education etc.)
- You hold an active government contract
- You are a government or local council entity
- You are a highly profitable company
- You hold significant sensitive information (e.g. intellectual property or classified/secret information)
- You have a high financial sensitivity to IT downtime
- You have an office or operate in a potentially volatile region (Africa, Middle-East, Syria, Iran, Israel etc.)
Depending on which criteria you meet, the motives for an attack are different, but they generally fit into one of three categories: espionage, political or financial.
Espionage
Espionage is the most common motive and attacks of this type typically target companies who hold intellectual property or classified information and steal it to be used for blackmail, intelligence theft or counter-intelligence.
Political
Politically motivated attacks target companies whose service is important to public life and then hit their IT systems with a destructive attack to create unrest and disrupt the populace.
Financial
Financially motivated attacks target companies with a high likelihood of answering a ransom request such as those with a high sensitivity to downtime. The attack then uses ransomware or a distributed denial-of-service attack to disable their IT systems and pressure them to pay up to relieve the disruption. However, the ransom money isn’t the attacks’ goal because the real aim of such an attack is to manipulate stock prices or global markets to improve the attacking country’s position in the global ecosystem.
What threats do state-sponsored cyber-attacks pose to my business?
Existing threats
In the main, state-sponsored cyber-attackers use existing methods of attack but delivered from a military-scale operation. This means you’re now up against a cohesive team of well-educated computer engineers, using military-grade systems and an entire data centre or global bot network to deliver the attack.
There is an upside though and it’s that the principles of a strong cyber-defence still apply. If you’ve already made the effort to secure your operations, scaling up those defences and using more mature solutions provide a good deal of safety.
Unique threats
State-sponsored attackers also have several unique tricks up their sleeve which leverage their more advanced capabilities. Here are a few examples:
Surveillance
The most common type of attack is near undetectable man-in-the-middle intelligence-gathering operations. After infection, every email, file, and phone call is harvested, passed on to the attacker and analysed. GhostNet was a surveillance attack attributed to China (although they deny involvement) that infected high-value locations such as embassies in Germany, South Korea, India, Thailand, Pakistan, Iran and 97 other countries before being discovered.
Destruction
Infecting and overloading industrial systems to cause damage that will kill and injure employees whilst hurting economic output is another favourite tool of state-sponsored attackers. One such attack, attributed to Iran (although they deny it), occurred in 2018. Purpose-built malware was used to target a petrochemical plant with the intention to override safety controls, cause a build-up of pressure and trigger an explosion.
Crippling infrastructure
Other attacks are purely malicious. Russia is attributed (although they deny it) with the creation of the CyberSnake malware which provides attackers complete access to a network and the option to wipe all data from connected systems. The malware was used as a secondary channel of attack to cripple the Ukrainian power grid during Russia’s invasion into Ukraine in 2014. A number of countries also had strange power issues in 2019, although none were officially attributed to a cyber-attack.
Espionage
Finally, there are state-sponsored attacks that aren’t for the purposes of war, but for economic gain. In 2018, China allegedly conducted a multi-year cyber-espionage campaign that involved stealing intellectual property from several aviation engineering companies and using the stolen technology to design and build an entire aeroplane.
How can I protect my business against a state-sponsored cyber-attack?
Although state-sponsored attacks can be a genuine threat for certain businesses, there are several actionable steps you can take to increase your security.
1. Have the basics in place
Whilst the basics won’t protect you from state-sponsored attackers, they provide a fundamental level of cover, which is negligent to be without.
At a bare minimum, you need to be Cyber Essential certified – although if you wish to undertake government contracts, you’ll need the Plus certification. We have an entire article on how to achieve the security basics if you’re interested in learning more.
Alternatively, if you feel you have a secure environment but want validation, we also offer thorough security audits.
2. Integrate security into your culture
Whilst a check-list exercise like Cyber Essentials gets you started on security, to have any real chance against state-sponsored attackers, you need security integrated into the culture of your business. This can only be achieved by adopting and practising globally recognised security standards like ISO 27001 and adopting a continual improvement mindset.
A security culture is especially important if you plan on tendering for government work since standards such as ListX become easier to comply with if you’re already treating security sensibly.
Address things at the human level by simulating attacks and identifying which employees need extra training. Accountability of security with the board is also essential to ensure priorities are maintained.
3. Isolate critical IT systems/data stores
Separating your most important IT assets from the open Internet and general internal network multiplies the difficulty of stealing your intellectual property, taking down your IT systems or disrupting your operations by an order of magnitude.
But since most businesses are built around easy access to these resources, it’s not as easy as just cutting all connections to your critical IT assets. With some intricate networking and rights management configuration it is possible though and drastically improves your resilience.
If isolation isn’t a possibility at all, data loss prevention plus complete encryption for data both in transit and at rest should be made a priority instead. Our teams are well versed in this sort of project, so can help you undertake an effective implementation.
4. Clean up your technology supply chain
The banning of Huawei’s cellular networking products in critical infrastructure and government systems by the US and elsewhere may seem like paranoia, but it guarantees that if a backdoor does exist, you don’t have it.
If you’re in a government contract or planning to tender for one, you’ve probably already made steps to mitigate your use of risky hardware and software. However, if you’re still yet to map out what hardware or software you have in your infrastructure, undertaking an audit is imperative.
5. Engage in threat-sharing
Collaborating with the others in your industry to trade threat intelligence is an effective way to rapidly increase your resilience.
If the idea of sharing your security vulnerabilities and attacks you’ve had against your IT systems with your competitors sounds too risky, check if your IT support provider is already doing something similar.
A proactive support provider should already be taking lessons learnt from one client and applying them to all their other clients (for example, blocking a malicious IP for all clients after it was found targeting one). Having an IT support provider who specialises in your industry helps since it provides you with more relevant defensive updates.
6. Secure your communications
It’s imperative that you have at least one fully secure channel of communication (e.g. voice, data, text, video). Whilst apps like WhatsApp offer some security through end-to-end encryption, news stories such as the invasive WhatsApp exploit show that it’s far from business-grade software.
A secure communications solution is necessary for guaranteeing you have at least one channel of private communication – be it voice, video, text or email.
Securing your communications is especially important for companies with offices in volatile regions since state monitoring is more prevalent.
Conclusion
If you think you’re at risk of a state-sponsored attack, want to be secure enough to tender for government contracts or simply want to improve your defensive capabilities, we have experience in helping businesses in your situation.