Why has NatWest banned WhatsApp (and should you do the same)?

Major banking firm NatWest Group has recently banned its staff from using WhatsApp, Facebook Messenger and Skype on company devices.

This comes amid growing concerns around the use of certain communication channels that make it more difficult to retrieve messages.

Energy regulator Ofgem fined Morgan Stanley £5.41 million in 2023 due to traders using WhatsApp on private devices to discuss market transactions, breaching the rules on record-keeping. The Financial Conduct Authority (FCA) also said it was considering further investigations into how bank staff use messaging services.

WhatsApp’s limitations in storing and archiving messages have raised concerns over compliance with industry regulations, particularly in sectors where record-keeping is mandated. 

Still, as it remains a popular communication platform for small and medium-sized businesses (SMEs), could a complete ban be impractical?

Is WhatsApp Business safe?

WhatsApp is the most popular messaging app in the UK, with 41.4 million people using the platform every month. In the third quarter of 2023, WhatsApp Business was downloaded approximately 1.86 million times.

WhatsApp Business is popular among SMEs for good reason. It can be a useful tool for customer service, as it allows for real-time, two-way communication, making it easier for businesses to respond to customer queries quickly. 

Businesses can also set up automated messages for greetings, FAQs and responses when they’re unavailable. Meanwhile, its end-to-end encryption ensures that conversations are private, which can make customers feel more secure when sharing sensitive information.

But despite its obvious benefits, WhatsApp Business has come under serious criticism for its security practices, particularly after over 100 security flaws were reported in the last two years. 

As the platform allows third-party plugins and integrations, it raises concerns about the risk of unauthorised data access or potential breaches. This means that businesses relying on WhatsApp for customer communications risk exposing sensitive information to security threats, which could damage trust and potentially lead to compliance issues in data protection regulations.

How can I make my WhatsApp Business account safer?

If you use WhatsApp Business for your organisation, there are several ways you can protect your account. This includes:

• Enabling two-step verification: This requires you to set a six-digit PIN that must be entered whenever you register your phone number with WhatsApp again, making it harder for unauthorised users to access your account.
• Limit access to trusted personnel: If you have team members handling customer inquiries, make sure to limit account access to trusted individuals only. Avoid sharing credentials and log out of WhatsApp Web after each session on shared or public computers.
• Regularly monitor linked devices: WhatsApp Web sessions remain open on any device you’ve linked your account to, so you should regularly check for any unknown devices that are connected to your account. Immediately log out of any unfamiliar or suspicious devices.
• Avoid suspicious third-party integrations: While some third-party tools can be useful, they can also risk security vulnerabilities. Only use verified and reputable integrations, preferably those that comply with WhatsApp’s own API and data protection standards.
• Keep the app updated: New security patches are often released with app updates, so make sure to keep your WhatsApp Business app up to date, as regular updates will help protect you against any newly discovered security vulnerabilities.
• Look out for phishing attempts: Scammers may impersonate WhatsApp support or send links that appear legitimate. Avoid clicking on unfamiliar links, sharing personal information or providing your verification code, as this could result in your account becoming hijacked. You can also contact Whatsapp support to check if a message is legitimate or not.
• Encrypt backup: WhatsApp messages may be encrypted end-to-end, but backups aren’t by default. That’s why you should make sure to enable encrypted backups if you store your WhatsApp Business data on cloud services, as this will ensure your messages stay protected, even after a backup.
• Limit sensitive data sharing: Avoid sharing highly sensitive information over WhatsApp, such as financial data or personal identification. Instead, encourage customers to use safer channels such as SMS, chatbots or secure payment gateways for sharing these details, as this will reduce the risk of data exposure.

Data threat risks for SMEs

Data breaches are a significant concern for small businesses and SMEs because they can cause serious damage financially, reputationally and in everyday operations. Over 560,000 new cyber threats are discovered every day, with 81% of all businesses in the UK being classed as small businesses or SMEs. What’s more, only 17% of businesses have carried out cyber security training for staff in the last year.

Small businesses often don’t have the resources to recover quickly from a breach, so if sensitive information, financial records or employee data gets exposed, it can lead to hefty fines, legal costs and the need to fix security systems that were compromised.

Small businesses are often targeted because they might not have the same level of security as big organisations, so hackers can take advantage of weak passwords, outdated software or unprotected devices.

Even seemingly small actions like strong passwords or encrypting data can go a long way in securing sensitive information and maintaining customer trust.