That’s one way to stop the scourge of SMS based 2FA.
Report: HSBC to ban text messages on company phones | Fortune
Submitted 1 year ago by fne8w2ah@lemmy.world to technology@lemmy.world
https://fortune.com/2023/10/18/hsbc-bank-whatsapp-probe-sec-on-work-phones-banning-text-messaging/
Comments
vzq@lemmy.blahaj.zone 1 year ago
flamingo_pinyata@sopuli.xyz 1 year ago
App based 2FA is event worse. Sure it’s more secure but the likelihood of losing account access is much higher.
And don’t talk about saving recovery codes. Security has to be practical and easy.vzq@lemmy.blahaj.zone 1 year ago
The UX of manual 2FA is a probleem. Copying numbers with a time limit is just a crappy experience.
Account recovery is a hard problem, but thankfully it’s usually not an all or nothing deal, and it has been getting a lot better. I know Apple has a complex recovery flow that terminates at an actual human.
cybersandwich@lemmy.world 1 year ago
This is in the same vein as the secret service text message debacle after the Jan6th stuff.
I think you’ll see this more and more as companies and government agencies try to reconcile regulations, cyber security controls, and business needs. Obviously there is a need for employees to communicate. There are laws surrounding record retention. And there are laws and needs for security controls to lock down phones, wipe data, etc.
Those three things don’t always align with each other and if your employees pick a different channel to communicate they you can’t control, then that’s a huge problem from a regulation and even a security perspective.
That said, locking down work phones is only going to push people to their personal devices and that creates way more issues overall.
DirigibleProtein@aussie.zone 1 year ago
If only I’d thought of that for my company phone! Then I wouldn’t be receiving all these spam and phishing messages!
falcomomo@lemmy.world 1 year ago
People are completely missing the point here.
The banks are required to record all of the communications made by a large proportion of their staff. Probably they haven’t found a way to do that for WhatsApp or text, so those are not approved communications channels. If they aren’t approved, then why would they be on a work phone?
Of course the staff can break whatever rules they want, but they will be breaking rules. The banks make sure their staff know that, and as long as they’ve done all they can to stop it then what else can they do? There are always people who break the rules, and those who break the rules get punished when they’re caught.
autotldr@lemmings.world [bot] 1 year ago
This is the best summary I could come up with:
Personal devices won’t be impacted by the policy, and a select few employees who have regulated roles in the firm will still be able to send and receive messages, the outlet reported.
This could result in the breach of regulatory rules on recording all business communications, leaving little room for oversight by authorities to take action in case of compliance concerns.
Sixteen Wall Street giants including UBS and Barclays were collectively fined $1.8 billion by the SEC last September for employees’ use of personal devices and unauthorized apps for communication regarding business transactions.
As the use of private messaging platforms has proliferated in the business world, regulatory scrutiny over their use has intensified in recent times and spread beyond Wall Street.
Private equity firms including Carlyle Group and Blackstone are also being investigated for discussing business matters on apps like WhatsApp and Signal.
Reports suggest that a number of banks globally have suspended the use of encrypted apps like WhatsApp for work purposes following probes into its violation of regulatory rules.
The original article contains 457 words, the summary contains 171 words. Saved 63%. I’m a bot and I’m open source!
atrielienz@lemmy.world 1 year ago
People will resort to slack or teams or whatever and the problem will persist.
ThisIsNotHim@sopuli.xyz 1 year ago
If those are communication apps supported by the bank, that’s the idea. Banks have been hit with huge fines for employees communicating over unapproved channels.
One of the problems with the unapproved channels is that the bank can’t enforce a retention period. So written messages that are supposed to be kept on record for 10 years or whatever can get deleted. In the event of a lawsuit the bank can be fined for not having the messages.
atrielienz@lemmy.world 1 year ago
I understand what they think will happen. But that doesn’t necessarily mean they’ll be using the banks approved channels etc. You can set up your own private channel in teams and in slack. If people want to communicate without having that info tracked by the bank or company or agency they work for they literally will use another service. Doesn’t even have to be teams or an approved one. This article talks about texts and SMS. But WhatsApp and signal and even discord exist. This seems like the companies trying to keep up with the times without a real plan that considers alternatives.
Skyrmir@lemmy.world 1 year ago
Text messages have to be turned over for those pesky subpoena’s. Can’t be leaving evidence laying around.
jmcs@discuss.tchncs.de 1 year ago
The issue is the opposite, because people use non official communication means, it’s hard for regulators to get the information they need, and it can be taken as the bank hiding things, which leads to fines. It’s in the article:
Skyrmir@lemmy.world 1 year ago
They could claim it’s for easier reporting by dropping WhatsApp, getting rid of texts is blatantly about preventing paper trails.
MechanicalJester@lemm.ee 1 year ago
What about chat in games? IRC? Conversation had by making comments on Lenny posts? Jerry, we can’t go with the suggestion Ann just made because we’ll look really stupid.
Delay this until Q1 2024