Instant Messaging Security and Why It Matters
Security and privacy are paramount for governments and regulated industries, especially when using enterprise communications solutions.
Employees need instant messaging (IM) tools for immediate communication to maintain productivity, and these tools must be extremely secure. However, many IM tools are “consumer grade” and lack a foundational security architecture built into the solution.
In many instances, these tools also exploit the data, which should be the sole property of the organizations and users who furnished it. Furthermore, the tools can unknowingly host nefarious actors, and are frequently targeted for phishing and malware attacks. Using the wrong IM tool can lead to a long list of negative consequences, which is why a communication tool that provides exceptional security and modern features for user productivity is a must-have, particularly for governments and regulated industries.
Insecure Communications and the Cost of Non-Compliance
Governments and regulated industries such as financial institutions have been the subject of serious breaches of trust and privacy as a result of using consumer-grade communications tools. Earlier this year, more than 100,000 private WhatsApp messages involving the former United Kingdom health secretary were leaked. These digital chats revealed what were meant to be private conversations between several senior politicians and officials. The nature of the ostensibly private messages brought significant reputational damage to those involved, and also eroded public trust regarding already contentious issues.
In 2022, the SEC charged 16 Wall Street financial firms with widespread record-keeping failures. The organizations’ employees were using consumer-grade chat applications with security and archiving protocols insufficient for regulated industry workflows. The combined penalties amounted to more than $1.1 billion.
Pervasive off-channel communication systems with no separation of work and personal data, insufficient security protocols, inadequate record-keeping capabilities, and poor reputations for trust and privacy simply cannot be relied upon in today’s complex and highly regulated government and industry applications.
How Consumer-Grade Messaging Tools Fail Organizations
From the history of leaks and breaches previously discussed, it’s clear that consumer-grade messaging apps have no place in government and regulated organizations, and that the choice to use them can come with significant risk. However, these tools raise more than just security concerns.
One critical issue is that users treat consumer-grade messaging tools as an informal way to communicate quickly. By mixing work and consumer tools, the lines of formality, procedure, and process become blurred. These muddied perspectives often increase regulatory risk.
There are additional shortfalls to consider when governments and regulated industries rely on consumer-grade apps:
- Backups are not inherently secure.
- Record-keeping and archival abilities are insufficient.
- A lack of identity validation makes way for scams, phishing attacks, and malware entanglements, which can lead to data exfiltration.
- Privacy is also a concern. In some previous cases, group conversations were indexed on Google and any individual could join them.
Is End-to-End Encryption Enough?
Some tools are perceived as secure because they leverage end-to-end encryption; however, they are often owned by companies that have historically monetized personal information for advertising. And some more security-conscious tools are also popular with dark web criminals and malicious actors since they are freely available to consumers. None of these solutions are suitable for important business or government conversations.
BlackBerry Messenger Enterprise Achieves Secure and Compliant Productivity
BlackBerry® Messenger Enterprise (BBMe) acts as though every communication is being eavesdropped upon and applies security features to foil any wiretap. As such, a patented security key exchange is leveraged to establish trust. The sender and recipient each have unique public/private encryption and signing keys. These keys are generated on the device by a FIPS 140-2 validated cryptographic library and are not controlled by BlackBerry. Each message uses a new symmetric key for message encryption.
Secure end-to-end signing and encryption protect all BBMe messages from eavesdropping or manipulation. Furthermore, TLS (transport layer security) encryption protects the connections between the device and the infrastructure provided by BlackBerry.
Message archiving is also available through the ultra-secure and trusted unified endpoint management (UEM), which can eliminate any concerns about insecure backups, and helps to ensure regulatory compliance, including requirements of the Securities and Exchange Commission (SEC), HIPAA, and GDPR.
BBMe for Reliable Communications
BBMe’s reliability is trusted by governments and regulated industries alike. When networks are compromised or unavailable, due to a cyberattack or other event, BBMe has been proven to remain operational and secure, because of BlackBerry’s highly regarded infrastructure – the BlackBerry Network Operations Centre (NOC).
BBMe is also highly interoperable with BlackBerry’s critical event management solution, BlackBerry® AtHoc®. This integration allows for secure, out-of-band, two-way crisis communications to be delivered between BlackBerry AtHoc and BBMe, by leveraging automated response playbooks that galvanize teams at the first signs of trouble.
Figure 1 – Example of BBMe on a mobile phone
How BBMe Delivers Popular Features
The government-grade security and compliance of BBMe is paired with a frictionless, easy-to-deploy, and consumer-like feature set, to deliver the following:
- Enhanced Multimedia Messaging and Conferencing
  - Communicate securely and reliably in real-time, from anywhere
  - Promote privacy by using a PIN to sign up, instead of an email or phone number
  - Chat one-on-one or in groups, and conduct voice and video calls with trusted contacts both inside and outside of your organization
  - Escalate encrypted chats to an encrypted voice or video call for urgent conversations
  - Share pictures, videos, voice notes, files, and BBMe contacts
  - Share content from one secure chat to another, to seamlessly move between chats and keep communication flowing
  - Provide location shares, so contacts or a group can view real-time locations for a self-selected amount of time
  - Start conference calls with easy access using a URL or QR code
  - Reference existing chat messages when sending a new message through quote messages. This is particularly useful in group chats when users want to reply to an earlier message in the thread
  - @mention group chat participants so they can action messages
- Communications Control
  - Edit, recall, or set an expiration time on a message, picture, or document
  - Know when a message is delivered, read, or deleted
  - Retract all sent messages by deleting original chat encryption keys, so new keys must be created and exchanged to send additional messages
  - Know when a message has been captured in a screenshot
  - Restrict who can add users to a group/edit a group
Conclusion
BBMe keeps users securely connected, protected, and productive. Built for sensitive communications, the data security in BBMe isn’t simply a box we check: It’s in our DNA and the foundation of everything we do.
To learn more about BBMe, visit our product page and get started today.
About Noah Campbell
Noah Campbell was previously a Senior Elite Technical Marketing Specialist at BlackBerry.