What’s Up with WhatsApp?

There are a few issues you need to know about before using this messaging app:

• Outside of the EU (GDPR), Meta, the owner of WhatsApp states it can share usage data from WhatsApp across the Meta “family of companies”. If you’re using it for official company uses this will likely contravene multiple clauses in client contracts.
• Precisely because of its almost universal usage, WhatsApp has become the target of many and varied phishing and impersonation attacks. We have seen these directly across multiple agencies in the Collective, and CISO has seen this across other IPG agencies.
• WhatsApp messages can be used to share links to sites that can (and have) caused direct impact to the WhatsApp user, including losing control of their account, and therefore anyone they communicate with.
• Any messages you send and / or receive on agency business are completely shielded from any sort of governance. This puts your agency in a potentially very difficult position should we need to review what has been communicated.

The best solution is to not use WhatsApp for business-related comms, but to use company-supplied Teams or Slack accounts. But if the client is insistent that you use it to communicate with them, firstly, get that in writing. Secondly, never share confidential or restricted information through it. Use official channels for that.

If you need some more information on what specific scams and fraud uses associated with the use of WhatsApp, contact your local IT team. Similarly, if you’d like some handy tips on how to use WhatsApp securely for personal use, your local IT team can help there too.