Mr. Hauprich, if messenger services meant for personal use are being used in the workplace, they’re clearly addressing a need, aren’t they?
Marco Hauprich: Of course. Messaging is the latest trend: 40% of decision makers in the digital economy describe messenger apps as being their most important communication channel in the future. And especially for younger employees, chats are the method of choice: according to a representative study by Kantar Emnid, almost half of employees under the age of 30 frequently use messenger apps for internal professional communication.
And since we are creatures of habit, such apps are easy to use since people are using them away from work, too. They know the look and feel and don’t need to adjust. The result: WhatsApp, in particular, is currently being used by many companies and government agencies. Either with official approval or it’s at least tolerated by those responsible.
Then everything’s should be fine, right?
MH: On the contrary: decision makers in companies and government agencies that tolerate the use of WhatsApp in the workplace are putting their organizations at great risk. For example, the app will transfer the address data of their customers and suppliers to its parent company Facebook. According to the new EU GDPR, this is only permitted if each and every contact explicitly gives their consents to the transfer of this information, something which in practice is rarely done. Severe penalties will apply to breaches of this new regulation come May, with fines of up to €20 million euros or up to 4% of a company’s annual turnover possible.
In addition, many messenger apps do not meet basic security standards. While it is annoying for private users when they get hacked and have to change their passwords, etc., a cyber-attack on a company can lead to its ultimate failure if company secrets get into unauthorized hands or if malware paralyses production.
In your experience, what do people want from messenger apps for business?
MH: Employees want the same kinds of features they know from WhatsApp and the like. The requirements for management are more complex, since not only do functionality and ergonomics play a role here, but also data protection and security aspects as well as integration issues. We included all this in the specifications for the development of SIMSme Business.
How did you implement these requirements?
MH: For a professional solution, it is first and foremost a matter of complying with current regulations. This means designing it in such a way that it complies with statutory regulations and ordinances. Only then can a solution guarantee a long-term protection of the investment. After all, what use is the smartest software if it has to be shut down the next time the regulations are made tighter?
Our solution is therefore geared to meeting the highest requirements, such as those set by the German government and the EU. The cryptographic algorithms and procedures comply with Technical Guideline 02102-2 of the Federal Office for Information Security (BSI). And we have registered our messenger app with the Federal Network Agency as a telecommunications service. Companies that use the software are therefore fulfilling their duty of care when choosing these services. Regular audits and data protection checks, such as those carried out by Cure53 and TÜViT specialists, ensure that this level of protection is sustained.
The messenger app covers the requirements of the EU GDPR that take effect May 25?
MH: Exactly. SIMSme Business not only protects a company’s data, but also personal information. We were able to adapt to the new regulations in good time. After all, the basic data protection regulations did not fall from the sky, but are the result of a long process of coordination.
What data does the software need?
MH: Only those really necessary for operation. No metadata is analyzed, shared, or permanently stored on the servers. We follow the zero knowledge approach here. If a recipient opens their messages, our system deletes the data from the servers on the same day. If messages do not reach their recipients, system routines remove the information after no longer than 30 days.
Speaking of system routines, can processes be centrally controlled in your solution?
MH: Yes, with the management cockpit. This enables administrators to distribute and configure the messenger app centrally, including user, channel, and group administration. If an employee quits, their access can be blocked immediately. In addition, the tool allows the app to be adapted to the compliance standards of an organization and to its corporate design.
What else do you have in your messenger development pipeline?
MH: The SIMSme Business web messenger is completely new. With this browser solution, employees can also use the messenger app on their workstations. This is handy because entering longer texts is faster with a separate keyboard, of course. The web messenger has all the security attributes of the app. And the data is always synchronized. in the browser, smartphone, and tablet. With web messenger, employees can simply continue what they were doing on the mobile app once they log into their desktop.
In your experience, what kind of business communication processes do you think take place using messenger apps?
MH: All forms of communication that exist when employees meet face-to-face. This includes coordinating in workgroups and teams; taking note of general messages from the organization; sharing, giving feedback on, and prioritizing documents, such as texts, presentations, videos, or oral messages. It goes without saying that trade secrets such as calculations or supplier agreements are also passed back and forth. Just like customer or personal data. All of this is practical and saves time, but is justifiable only if communication is really secure and confidential. If this is guaranteed, messenger apps can become standard communication channels in business and government agencies.
Thank you for speaking with us, Mr. Hauprich.