EY explains what WhatsApp’s new privacy poly means for business in APAC.
SEE ALSO : Naver to compete against Facebook and Google
The migration to Signal reflects growing concerns over privacy and security and how business leaders should react.
Many employees are using unsanctioned social media platforms as an unapproved means of conducting business conversations. Whilst data is encrypted, employees may unwittingly be disclosing information they are not aware of to third parties (for example the metadata of what type of device they have, their phone number, which businesses they are interacting with etc.).
Added to this there is the fact that social media platforms of this nature are often mixed between business and pleasure, increasing the risk of sensitive information being disclosed to the wrong party. Business leaders should be encouraging staff to use corporately sanctioned communication platforms for business chat.
The level of data encryption adoption to protect clients and consumers has increased among APAC companies.
Use of encryption has increased dramatically in APAC in response to regulation which requires it, particularly when personally identifiable information needs to be passed to third parties. This is also true of credit card information, as required by PCI regulation. Many commonly used business software platforms automatically encrypt information, which has increased its take up.
This generally affects “data in motion”, however, and not “data at rest”. Much corporate “data at rest” is still unencrypted however, allowing attackers to access this data once they are inside the corporate environment.
Companies can overcome difficulties in deploying data encryption. As with any technology implementation, it is important not to try and “boil the ocean”. Identifying the most important data, consolidating where it is stored and then focusing encryption efforts on that is the key to a successful implementation.
There are challenges for APAC companies, multinationals and SMEs, with regards to using encryption technology in data protection. Deploying encryption incurs cost and usability roadblocks. Added to this, whilst some regulations require encryption of data, other regulations forbid it in certain jurisdictions. The encryption debate is particularly hot in areas of law enforcement, where you get the tension between users who want communications to be private and law enforcement agencies who want access to that data, generally in the fight against terrorism and crime