We’ve spoken about the importance of secure client communications before. From an accidental leak of information, to a malicious cyber-attack, compromising client confidentiality can result in the sort of reputation damage that can be hard to come back from.
But while organizations understand this, too often we find employees defaulting back to less secure communication methods. Why?
It comes down to two key factors.
Firstly, employees often don’t fully understand the scope of client confidentiality. Many believe client confidentiality relates only to the sharing of files, forgetting the amount of confidential material that is shared through voice call or chat channels.
Secondly, the tools available to them are often just too frustrating to use – not only for the employee, but the client too!
Let’s run down some of the popular ways businesses communicate with their clients, and the problems they can bring.
We’ve all experienced delays in starting a conference call! In fact, one recent report found that users routinely waste more than 10 minutes simply getting calls started. Beyond the drain in productivity, it’s the client’s user experience that really hurts here!
Of course, one of the biggest concerns come from the lack of security offered by many conferencing tools.
Dial-in conferencing often lacks visibility in who else is participating, and there’s a lack of control to remove unwanted guests. Users, it seems, have become complacent to these issues, with half of users reporting that it was “normal” not to know who else was on a group call – despite 70% admitting it was common to discuss confidential information on a call.
Much of the problem comes from re-using dial-in codes, and sharing them through email – as well as the lack of end-to-end encryption on offer from even the leading vendors.
While the vast majority of use is for internal communication, many businesses do take advantage of Slack’s guest accounts to extend use to clients.
There’s no issue with this, but just like its use internally, users need to understand the limitations of using Slack externally to share confidential information - either through chat, file sharing, or voice / video calls.
Adding clients to open channels means content is searchable by all company employees, potentially violating contractual obligations to protect client data through the exposure of sensitive information outside of the intended recipients.
It’s also worth remembering that while Slack allows multi-user video chats, it doesn’t encrypt them end-to-end. This puts any information you disclose over a Slack call at risk. There’s also anecdotal evidence that Slack is able to access your chat history according a report from Gizmodo.
WhatsApp does, at least, offer end-to-end encryption (although the code isn't open source and thus not auditable like Wire’s), however, it's a consumer tool that lacks enterprise features and control.
Using a tool that is soon to include advertising (and therefore calls into question how metadata is being used), might not be the most effective way of demonstrating to clients that you take their confidentiality seriously.
Remember, Whatsapp has become one of the most blacklisted apps in enterprise as more and more IT professionals start to question how the app’s access to users’ personal data (such as client contacts), could violate GDPR’s terms for the processing and storing of personal data.
Skype is an obvious choice for Microsoft O365 users, however it doesn’t (at the time of writing) support end-to-end encryption on voice or video calls as standard to all users. This puts any information you disclose over a Skype call at risk from eavesdropping or a man-in-the-middle attack.
Unless clients have their own Microsoft ID (and Skype for Business desktop app), they will be invited as guests and asked to install a web-app plug-in. Bizarrely, the experience can get even more confusing for clients that do have the Skype for Business desktop app installed as part of their organization’s own O365 deployment, as the invitation defaults to opening the installed app, which of course won’t be part of your domain - resulting in a failed connection. Of course, there are workarounds - but it’s not the slickest client experience!
Like anything, if the tools available to your employees (and your clients), aren’t fit for purpose, you expose yourself to risk.
At Wire, we understand that the ability to communicate securely with your clients is critical to your success. We also understand that your clients are looking to partner with organizations that take their confidentiality seriously.
Features such as Wire’s secure guest room, show just how seriously we take this. With a guest room, you can extend the benefits of end-to-end encrypted messaging, calls, and file transfers to your clients and partners. With a secure guest room, clients don’t even need a Wire account, and there’s no sign-up process.
Unlike many other tools, guests have full functionality - participants can message, call, join a video conference, or share documents and images. And, because all data is encrypted, there’s no risk of it reaching third parties, meaning you’ll be fully GDPR- and CCPA-compliant. Start your free trial and experience Wire Pro.