Using Signal or WhatsApp for Work? Here's a Checklist of Compliance and Security Considerations

Concerned man holding both sides of his head with his hands

Consumer privacy: better than nothing...

Consumer messaging apps like Signal and WhatsApp prioritize individual privacy through end-to-end encryption. That means that messages are fully encrypted before leaving your mobile device and aren’t decrypted until after reaching your recipient’s device.

But, they lack centralized enterprise controls that are crucial for regulatory, statutory, and legal compliance, as well as best practices for organizational security and policy requirements, because they were designed for consumers and not enterprise needs.

Stressed seated executive holding her head in hands looking down with hands coming in holding files, tablets, phones, and more coming in from both sides
  • Determine involved conversation participants
  • Notify conversation owners for participant removal
  • Alert owners when to shut down specific conversations
  • Reevaluate participant presence in conversations
Collection/Reconstruction of Audit Trails
  • Collect phones of participants

  • Manually review and capture relevant communications

  • Exclude non-relevant communications

  • Assign responsibility for this activity

  • Securely store and verify newly reconstructed archives

Remediation/Risk Reduction
  • Utilize Disappearing Messages (Note: Can impact audit trails)
  • Adopt Mobile App/Device Managers (Note: May incur costs)
Policy Enforcement
  • Implement Endpoint Management
  • Use Mobile Application Management (Note: Costs may apply and may not suit new IR devices)  
Federation Governance/Participant Management
  • Define authorization for adding external participants

  • Establish conversation participation moderation/termination

  • Report unknown/unverified participant additions

But my team insists we use XYZ...​

We get it. Sometimes, you have to do what you have to do. We’re here to help!

Here’s a handy checklist of what your organization should consider addressing through policies, procedures, and compensating technologies if you’re planning to use consumer privacy focused apps like Signal or WhatsApp in an enterprise context.

You could deal with all of those compensating controls or you could get ArmorText.