< Back
cyberthreat news


ercom citadel
01 January 2023

How to convince your employees to stop using WhatsApp and choose a more secure solution?

2 billion users worldwide, including 31 million in France.
These staggering numbers illustrate the power of a messaging application like WhatsApp. It belongs to Meta (Facebook), since its purchase in 2014 for $16 billion, and its popularity shows no signs of slowing. WhatsApp is reliable, easy to use and imposes virtually no restrictions to its use.

Between the professional world and personal life, the boundary is porous. For those who are used to WhatsApp, it is therefore normal and legitimate to use it for work as well. And that's where things get tricky. Because despite appearances, when it comes to cyber security, not all is rosy in the world of WhatsApp. Explanations.


Real, but questionable encryption
WhatsApp uses this as a marketing claim: all conversations are encrypted from end to end without any intermediary. While this is indeed a good practice, it is only effective on individual conversations. Researchers have discovered that this encryption could be circumvented by hackers in group conversations. And once inside the system, cybercriminals have access to all your conversations. Rather embarrassing when WhatsApp is used to transmit confidential data and information.

Organizational problems related to shadow IT
Using WhatsApp may not raise questions for managers, but it should, because it encourages the development of shadow IT, which is the use of tools and general public solutions for professional purposes, and above all, in a way that is not authorized by the IT department and internal policies. Exchanging information on WhatsApp with a colleague is convenient and fast. However, it also creates an unofficial and parallel communication channel, which cannot be controlled. Creating thematic groups, moderation, privacy rules, user management... it's impossible to know exactly what is really going on in WhatsApp. There is no administrator or rule. An untamed place that can lead to documents, files or business and private conversations ending up in the wild.


Data collection and metadata
If it's free, then you are the product.

Behind this well-known adage, we find the whole philosophy of Facebook. By using WhatsApp, you consent to give the application access to your entire contact list, as well as a treasure trove of behavioral data related to metadata: phone model, operating system, search browser, IP, phone network, geolocation, data related to your phone number, etc. This metadata is used to build an accurate picture of users that can then be used for targeted advertising purposes. If WhatsApp can't read your messages or access your photos, it knows when you're chatting and with whom, which is always useful for Facebook to complete the information they already have about you. Who wants to share professional secrets or sensitive conversations on a tool that knows everything about you, your communication habits and behavior?


With WhatsApp, you're just a phone number.
In order to work, the application needs your phone number and this is a restrictive process. On WhatsApp, you are not anonymous. The application knows exactly who you are and what you do. Also, if you change your phone number, you may continue to receive messages, but will not be able to read them. Conversely, if your number is assigned to another person, which is very often the case in companies, this person, when logging into WhatsApp after the double identification procedure using an SMS message, will be integrated into the previous conversations or groups, and may receive messages that are not intended for her.

Group conversations have room for improvement
In a business setting, group conversations are among the most useful and relevant features. But with WhatsApp, everything becomes complicated: it's impossible to quickly create thematic channels, let alone share screens for instance. All group members' phone numbers are displayed in plain text, and there is only one level of administration defined, making granular management impossible. Add to this the fact that it is impossible to close a group if it is not empty and that any user can add another user to a group, and thus share their contact information.

While personalization of conversations and communication channels should be paramount, managing business discussions on WhatsApp can quickly turn into a nightmare.

Which alternative should you choose?

While WhatsApp is a useful and efficient tool for conversations among family and friends, it is, on the other hand, a tool that is far from excelling in the professional environment. Whether it's because of its limited functionality or its data collection policy, nothing beats a truly successful and secure business communication application.


We have developed a more secure and trusted alternative for you. Citadel Team is compatible with all your devices and offers all the standard features of instant messaging. Hosted in France and operated by Thales, Citadel Team offers a high level of security. With the end-to-end encryption option, only your device can read your conversations. This solution will allow you to improve the responsiveness of your teams and centralize conversations.