WhatsApp has become the leading messaging platform, with around 2 billion global users collectively sending over 100 billion messages each day.
While using WhatsApp may be convenient, it isn’t built for secure internal communications.
Organizations, especially in the health sector, must therefore recognize and address the vast risks associated with its use and instead consider using a secure and professional internal communication platform.
However, if you’re currently using WhatsApp within your organization, you can still take immediate action to curb these risks.
Let’s go over the key concerns and dive into steps you can take to minimize them.
The Main Risks & How to Minimize Them
Risk 1: Organizations lack admin control
WhatsApp lacks essential administrative features and permissions, making it challenging to manage chat groups, control user capabilities, and provide oversight as organizations grow.
How to minimize the risk:
- Evaluate all chat groups regularly: Conduct a regular assessment to identify your organization’s existing WhatsApp chat groups. Gather information from team members to create an overview of these groups and determine their relevance. Keep group participant lists up-to-date, close unnecessary groups, and create a list of your groups in Excel or Word to ensure full trackability.
- Assign clear group admin roles: Clearly define and designate admins for each chat group. Specify their responsibilities, such as managing group activities, approving new members, and enforcing communication guidelines. This enhances accountability and oversight. Ensure admins are trustworthy team members that can properly reflect the organization.
- Limit the number of admins: Keep the number of admins for each group to a minimum. Having too many admins increases the likelihood of mismanagement or unauthorized actions.
Risk 2: Responsibility for offensive and inappropriate content
The inability to remove offensive or inappropriate messages on WhatsApp puts your organization at risk of legal action, financial and reputational damage, and loss of employee morale.
How to minimize the risk:
- Establish WhatsApp messaging policies: Clearly define and communicate expectations and guidelines regarding acceptable messaging behavior. Develop a policy outlining the types of messages and behavior that are not tolerated within WhatsApp groups.
- Communicate guidelines from the start: Inform all group members of the guidelines they must follow when creating new groups. Use the WhatsApp group description feature to add a summary of the conduct rules as a constant reminder.
- Address inappropriate content promptly: Respond immediately to offensive or inappropriate messages. Clearly communicate that such content is not permissible, request its deletion, and reinforce the organization’s commitment to respectful and responsible communication.
Risk 3: Error-prone manual upkeep
Managing WhatsApp groups manually can lead to errors, delays in adding and removing employees, and loss of control over groups when admins leave the company.
How to minimize the risk:
- Follow a structured procedure for adding new and removing former employees: Add new employees to company WhatsApp groups as part of the onboarding process and promptly remove former employees after their departure. While former members retain access to conversation histories, they should no longer receive new messages.
As you may need multiple admins to perform these actions, put one person in charge to ensure all admins carry out this task.
- Ensure offboarding reflects a review of the individual’s role: If the departing employee is a group admin, assign a new admin as part of the offboarding process to ensure the control of all WhatsApp groups remains within your organization.
Risk 4: Leakage of sensitive information
WhatsApp poses a risk of sensitive information leakage, especially when former employees still have access to WhatsApp conversations they participated in, even after being removed.
How to minimize the risk:
- Define clear policies regarding what information can be shared over WhatsApp: Ideally, share examples of information that should not be shared. For healthcare organizations, it’s recommended to restrict patient-related information sharing and instead use a secure platform through which the company can control and record sensitive data.
- Train the team: Include a chapter on the use of WhatsApp and its risks in your ongoing training programs. Emphasize that information shared over WhatsApp cannot be removed entirely and that everyone should think carefully before sharing documents, business information, or Protected Health Information.
- Create clear visual representation for groups: While little can be done after sharing information or images in the wrong group, you may minimize the risk of that occurring by using clear group names and images to capture the user’s attention before sharing any information.
- Ask your team to avoid sharing their devices: Whether at home or with friends, stress the importance of not providing others with access to a device that may contain sensitive information.
- Encourage the use of security settings: Ensure your team activates security settings on their phones, such as a passcode, facial recognition, or fingerprint authentication, to mitigate the risks of others accessing sensitive information. The device should auto-lock a short while after not being used.
Risk 5: Labor and employment lawsuits
Using WhatsApp for workplace communication exposes organizations to labor and employment-related risks, as complete conversation histories and employee-held information can be used as evidence in legal actions.
How to minimize the risk:
- Minimize the use of WhatsApp for labor-related communications: Whenever feasible, limit the usage of WhatsApp and try avoiding labor-related matters such as discussing overtime work hours, termination-related communication, or specific announcements.
- Provide managers with dedicated tools for work-related communication: Consider equipping managers with specialized tools specifically designed for work-related communication. These tools should facilitate effective communication with their team members regarding day-to-day work-related information.
- Review conversations upon terminating an employee: Before terminating employees, it is beneficial to review past WhatsApp communications with them to identify any potential labor litigation risks, as a comprehensive understanding of the full context can aid in effectively managing such claims.
Risk 6: Security and privacy issues
WhatsApp does not have commercial commitments with organizations using its consumer version. It doesn’t carry the responsibilities and obligations other software providers do, such as data backup and recovery or reporting on security breaches.
How to minimize the risk:
- Stay informed about vulnerabilities and their current status: Stay updated on the latest information regarding vulnerabilities in the WhatsApp platform by following news articles and publications tracking these developments.
- Evaluate the possibility of migrating to specialized work tools: Such platforms should be supported by legal contracts and thorough evaluations, ensuring that they and their providers hold responsibilities and commitments towards your organization.
The Bottom Line
Overall, while WhatsApp offers a convenient and widely used app, organizations must be aware of the risks associated with its use in the workplace, particularly in sensitive industries like healthcare.
Nonetheless, if you currently use the messaging app to communicate with your staff, use the above recommendations to enhance security and minimize the potential risks associated with using WhatsApp at work.
It is further highly recommended to explore alternative internal communication solutions that provide better control over data sharing and are designed specifically to suit your business needs.