At Risk: What Your Law Firm Needs to Know About Using WhatsApp

By Steve Whiter, Director of Appurity

WhatsApp is widely used by many people, and that includes your people, in your firm. Along with the risks that shadow IT presents, make sure that your firm is fully equipped with solutions that will protect your organization, efficiently and comprehensively.

In a world where we see daily examples of cybersecurity fraud (and all manner of attempts), it probably comes as little surprise to learn that scammers have targeted a leading law firm via WhatsApp. In what appears to be a first of its kind, the Solicitors Regulation Authority (SRA) recently revealed that Linklaters had been the victims of scammers who used the messaging app to contact individuals under false pretenses. Those behind the attack reportedly impersonated the law firm Linklaters, contacting individuals via WhatsApp regarding a foreign business transaction requiring specific action. At this point they hoped to dupe individuals by inviting them to contact somebody from the firm, using what was actually a false phone number.

WhatsApp is ubiquitous. You’d have a hard time finding somebody who didn’t know what it was. As a text and voice messaging app, WhatsApp is used by people everywhere, for both personal and business use. It is used by millions of companies worldwide, including many firms in the legal sector; how many group chats does your firm boast? This last year saw strong levels of growth for the messaging service, no doubt fueled by COVID and the change to most people’s working patterns.

The Linklaters example notwithstanding, as a communication platform WhatsApp provides fairly decent levels of security and privacy via end-to-end encryption. But WhatsApp’s privacy policy changed earlier in the year when they stated that they reserved the right to share data such as phone numbers, IP addresses, and payments made through the app with Facebook and other Facebook-owned platforms. Additionally, they pointed out that if people were to use WhatsApp to talk with businesses that use Facebook’s hosting technology to manage those chats, those messages could subsequently be used by the business to target people with ads on Facebook. Clearly game-changing stuff.

Hardly surprising, then, that the demand for substitute messaging services such as Telegram and Signal has taken off. But these alternative services give firms new challenges to overcome. IT departments need to fully review and understand any security features built into such apps. With many firms already dealing with an increasingly remote workforce, the security gaps or breaches that arise when your people use apps outside the usual control of IT departments are certainly highlighted. Taking stock of your internal processes and practices for optimizing privacy and security is especially relevant for the legal sector; monitoring sensitive communications has to comply with global industry regulations.

What Can Your Firm Do?

So how can firms guarantee high levels of privacy and security? As Linklaters discovered, any multinational organization with sophisticated apps can fall prey to hacking—just look at all the high-profile data breaches from the last few years. As a starting point, you need to have full confidence in the transparency and security of apps that your people are using. Does your IT department have complete knowledge of all the apps (and their potential vulnerabilities) that are being used by your people in every corner of the business?

App security assessment: You should start by conducting an app security assessment. This helps to identify and evaluate the threats and potential vulnerabilities within the apps being used by your people. With a better understanding of how your firm is using mobile apps, you are then able to develop a strategy to protect data, secure mobile devices and avert security breaches. Don’t forget, you are protecting your firm’s reputation as well as meeting industry compliance requirements.

Understanding any potential threats or vulnerabilities helps you to develop a proactive approach to securing data and devices. If you are looking to ensure that personal information is protected, then investigate messaging apps that require only an email address (without further additional personal details) for sign up. We understand that many firms might be concerned by the impending privacy and security changes to messaging apps.

Extra layers of security: Firms have a number of solutions at their disposal in order to secure their mobile messaging tools, whilst optimizing privacy across business communications and operations. Whether or not firms decide to stop using WhatsApp, they still require the flexibility to conduct business matters via messaging apps without compromising on security.

One useful solution is VoxSmart’s WhatsApp Capture. This offers a further layer of security to mobile communications by capturing all voice and text messages in real-time. Recording messages via a mobile capture app is especially opportune for the legal sector. And solutions like this highlight the importance of being able to account for business conversations that can be easily retrieved—both for adhering to global industry compliance and for the smooth running of business operations.

And don’t forget the importance of initiatives such as Cyber Essentials Plus. This UK Government-backed scheme helps to protect firms against a whole range of the most common cyber-attacks. It also demonstrates your commitment to cyber security, offering reassurance to your customers that you are working to secure your IT against cyber-attack. It can even help to attract new clients with the promise that you have cyber security measures in place. Research by recently found that 40% of the leading 50 U.K. law firms still didn’t have the highest level of cybersecurity accreditation offered by Cyber Essentials Plus, which is a major concern.

WhatsApp is widely used by many people, and that includes your people, in your firm. With the hullabaloo surrounding its privacy changes and the recent scamming of Linklaters, perhaps your firm is researching alternative messaging services. Along with the risks that shadow IT presents, make sure that your firm is fully equipped with solutions that will protect your organization, efficiently and comprehensively.
