Off-Channel Communications Compliance: Steps to Secure Business Messaging

Apr 18, 2024

In Part 1 of our off-channel messaging communications series, Bill Belt detailed the evolving SEC and DOJ enforcement stance on off-channel messaging for business. In Part 2, we will discuss how companies can address their workforce needs and embrace the productivity benefits of modern communication platforms, while ensuring proper compliance.

Acknowledgement: Identify the Problem

Managing off-channel communications can be summed up in two words: acknowledgement and adjustment. First, companies and government agencies must acknowledge that current compliance policies and solutions may not be effective in addressing the unique set of retention and preservation challenges posed by modern messaging platforms. Acknowledgement starts with a clear understanding of where an organization’s off-channel messaging apps are being leveraged, and by whom. Many companies looking internally at these items are quickly coming to terms with three realities:

  • The business use of off-channel, unregulated communication apps by employees is much more widespread than previously thought. 
  • Application and device usage policies have not kept up with either the rapid advance of communication technologies or the breadth and velocity of regulatory enforcement.
  • Existing, in-place compliance technology solutions have not evolved to cover the rapid technical evolution of modern digital communication platforms.    

Each of these areas requires a company-wide acceptance of what risks are now in play, followed by quick attention to the next phase–adjustment. 

Adjustment: Modifying Device and Usage Policies

Part of this assessment requires modification of an organization’s device and usage policy. Existing device/application policies (BYOD or not) could not possibly have anticipated a global pandemic or predicted the remote shift of the workforce and the massive proliferation of messaging applications for corporate communication. But if an assessment confirms that at least one internal group is using off-channel communication apps to send or receive business information subject to archiving requirements, monitoring and archiving controls must be quickly adjusted. The technical challenges associated with expanding policies to cover modern communications must also be addressed. While the general approach may be similar, the technical complexities are much more significant.

Enhanced messaging compliance requires an application solution that can capture all critical communications to and from employee users, regardless of whether the app is user controlled (WhatsApp) or managed by the business (Slack). Not surprisingly, off-channel message monitoring and archiving is an evolving industry with a variety of competitive solutions, often with different deployment configurations. 

Message Archiving Essentials 

Regardless of the provider or technical approach, any solid message archiving solution should include the following: 

  • Robust security – Off-channel messaging can mix personal and business content and can be extremely sensitive. Encryption and secure access controls for any archiving solution are critical.
  • Comprehensive message retention – Ensure all data is captured across all monitored channels.
  • Data retrieval and export functionality – Search and retrieval tools, including AI-driven features and seamless integrations with other compliance archiving and eDiscovery tools, should be included.
  • Automation – Look for solutions that can enhance your compliance team’s workflow efficiencies and process improvements.
  • Reporting and audit functionality – Track, track, track. Who accessed these records, when, where, and how? This information is critical and often required in tightly regulated environments.
  • Data intelligence and threat response optimization – Leverage technologies that can use monitoring and retention capabilities to respond quickly and protect the company against threats, e.g. IP theft, data loss, data exfiltration.
  • Scalability – The volume of off-channel messaging data can be immense. Choose a solution that is proven to scale and handle that level of volume.

Regulatory agencies have taken notice of lackluster message record keeping and are taking action. Companies need to adjust to this reality and take measures to fully manage both risk and exposure. While there are many policy and technical challenges to consider, an effective off-channel compliance solution is possible, and is essential to an organization’s data governance plan.

About the Author

Brad Berkshire

Brad Berkshire is an eDiscovery, information governance, and digital forensics expert whose role at Complete Discovery Source includes leading complex projects and consulting, training, and educating internal teams as well as external clients on information governance, digital forensics, and data acquisition best practices. He also provides consulting and advisory services to the CDS forensic services team and direct support to clients with project scoping on information governance and forensics-related projects. In his 25 plus years' experience working in information systems, digital forensics, and eDiscovery services, Brad has performed over 2,800 targeted data collections and forensic imaging acquisitions for cyber investigation, discovery response, and regulatory response engagements. These engagements include forensic data acquisition and data analysis for all types of digital storage including PC and Mac laptops and desktops, servers and enterprise application sources, structured databases, cloud data sources, social media sources, and mobile devices and mobile device application sources.