How secure are your workforce’s internal communication channels?

Though today’s consumer digital communications tools are designed to be the ultimate data mines, businesses can’t afford to take data security risks when it comes to their digital internal communications. As personal data becomes an increasingly lucrative commodity, and a currency willingly traded for access to everything from online shopping to social apps, the topic of personal data security should be paramount when developing an internal communications solution for your workforce.

Our online actions are being tracked and collected on an unprecedented level, resulting in massive amounts of personal data that can be leveraged for profit and advertorial aims. In contrast, whether your company numbers 25 or 25,000, we believe that data privacy ethics do scale: data security has been integral to Beekeeper’s team communication app from day one.

Protect Your Workforce From Data Security Issues

The recent Facebook data breach revelation raises important questions regarding company responsibility when it comes to data security. In this case, user data allegedly collected by a researcher from a quiz app downloaded via Facebook’s app marketplace was sold to UK-based political consulting firm Cambridge Analytica. Downloaded by 270,000 Facebook users, the quiz app also obtained the personal data of those users’ personal contacts––who, importantly, did not consent to the app accessing permissions––to the staggering tune of 50 million people. In light of this, it has never been more imperative for companies to adopt secure digital communication tools and proactively address data security in their digital workplace.

With Beekeeper, you’ve taken the first step in ensuring workforce data security by giving your employees a team communication app with:

  • Secure group messaging
  • Fully-monitored user controls
  • Best-in-class 256-bit TLS encryption
  • GDPR compliance

Facilitating Employee Connection Without Sacrificing Data Privacy

Employees want to be connected; this is a given. If companies don’t provide them with an internal communication solution, they will find messaging alternatives––likely consumer messaging apps like Facebook’s WhatsApp––that pose potentially devastating privacy and data security issues which could prove costly to your business. These consumer messaging apps are not secure, requiring employees to exchange personal information such as cell phone numbers and personal email addresses. Unlike consumer-facing messaging apps, where your personal data is exchanged for your free usage of the app, Beekeeper alleviates GDPR non-compliance risk as a subscription-based, secure internal communications solution built from the ground up specifically for business messaging needs.

Secure Workforce Internal Communications with GDPR-Compliant Management Tools

Another key differentiator between consumer messaging tools and Beekeeper’s employee app is that consumer tools lack user management capabilities. With Beekeeper, in addition to controlling the messaging of your team communication app, company management can proactively regulate employee data from the moment a new employee is onboarded. This admin control is significant during employee offboarding, too.

Without secure internal communication, an employee who is no longer at the company could still have access to your workforce’s internal communication channels, presenting potential legal ramifications should any proprietary company information be divulged. What’s more, employee data is stored in these unsecured and unmonitored chats via the consumer messaging app. With Beekeeper’s administrative tools, access to your company’s internal messaging app can be closely controlled with personnel changes in your workforce.

Learn the steps you need to take to protect your company data with secure messaging by downloading our GDPR Assessment tool.

10 Facts You Need to Know About the GDPR

If you own or work for a company that does business with anyone who is in the European Union (EU), you’ve hopefully already heard a bit about the EU General Data Protection Regulation (GDPR).

In short, the GDPR, which has been in the works since 2012, will replace the Data Protection Directive 95/46/EC and improve data privacy throughout the EU for all its citizens. Whether you have current and repeat transactions with the EU or you may in the future, here are 10 facts you need to know about the GDPR before it goes into effect in May 2018.

1. If You Own or Operate a Business, the GDPR Applies to You

Many business owners throughout the U.S. and other countries might assume since they aren’t based out of the European Union that the GDPR doesn’t apply to them. If your company processes personal data of any EU citizens, regardless of where you’re located, you are expected to follow all of the General Data Protection Regulation.

How do you know if your company processes personal data? If you offer goods or services to customers or businesses in the EU, you’re dealing with personal data and must be GDPR compliant. The GDPR greatly affects your internal communications, so it’s critical to implement a compliant platform now so personal data remains secure.

2. Controllers and Processors Have Specific Responsibilities

According to Article 4 of the GDPR, if you are a ‘controller’ you are a person, public authority, agency, or another body that “determines the purposes and means of processing the personal data” of customers and businesses.

A ‘processor’ is in charge of processing the personal data on behalf of the controller. While the processor may seem like a “middleman,” under the GDPR, there will be legal obligations on a processor to maintain records of personal data and to improve the overall security of and processing of the data.

3. You Must Appoint a Data Protection Officer

The GDPR requires every organization that does large-scale processing of particular categories of data, does widespread monitoring such as behavior tracking, or is a public authority to appoint a Data Protection Officer (DPO) to oversee the processing and follow protocol.

4. The Definition of “Personal Data” Will Change

When dealing with business transactions, we may assume that personal data is strictly related to account or ID numbers, as well as addresses and birthdate. While this type of personal data should be kept secure, the GDPR is expanding the definition of personal data.

Now, personal data will be related to “any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier.” Social, mental, economic, cultural, and even genetic information will now be considered personal data.

5. There’s a Deadline for Compliance

Once you determine whether or not the GDPR applies to you (remember, it will affect any company that has relations with the EU), you have until May 25, 2018 to be fully compliant.

6. There are Consequences for Non-Compliance

Anyone who should be compliant with the GDPR and isn’t by the deadline can face a fine which may range from 20 million euros to 4% of the company’s annual global turnover.

Fines may vary depending on how data is “mishandled,” which may include (but is not limited to) the failure to report a data breach, the failure to build in privacy by design, and the unauthorized transfer of personal data. Make sure to only use GDPR-compliant means of communication. Some popular messaging apps like WhatsApp don’t meet the requirements and can result in these hefty fines.

7. Need a Clear Explanation for Collecting Personal Data

Many companies collect personal data without the other person knowing. Even if the individual whose data is being collected doesn’t mind, there needs to be a clear explanation of why and how the information is used. Under GDPR, explicit consent is also a must.

8. A Breach Must be Reported Within 72 Hours

Any breach that threatens the privacy of an individual’s data must be reported within 72 hours from when the breach is first detected. If GDPR determines there’s a delay in reporting, a company or organization may be fined.

9. Victims Must be Alerted to Any Risks

If a breach occurs, the company must contact the affected individuals immediately. According to GDPR, it’s not appropriate or “enough” to release the news of a breach through a press release, on a website, or through the use of social media.

10. GDPR Compliance May Differ from One Company to the Next

GDPR compliance is likely to be quite different from one organization or company to the next. Compliance has a lot to do with a company’s size, the personal data that is collected, as well as the goods and services offered. The best way to ensure your company complies by May 25, 2018, is to follow a GDPR checklist; it’s not too late to prepare yourself for the changes.

Get a free demo of Beekeeper’s GDPR internal communications platform to make sure you aren’t at risk.


How the EU GDPR Affects Your Internal Communications

As the countdown to the EU GDPR enforcement continues, organizations are frantically working to ensure their internal communications meet GDPR requirements to avoid being shut out from doing business with the European Union. The General Data Protection Regulation aims to protect both companies and the consumers they serve, so not meeting GDPR compliance standards means there’s more at risk than huge fines.

Get a free demo of Beekeeper here to see how you can improve your internal communications for desk and mobile staff throughout your organization.

Personal data protections affect outside business, but what you may not realize is that GDPR regulation also impacts internal communications systems within organizations. Keeping an eye on both internal and external data privacy might mean changing your organization’s internal communications strategy and its software to ensure GDPR compliance.

Information Lockdown

The GDPR overview covers users’ rights to access, rights to erasure of data, data portability, privacy by design, and even involves appointment and oversight of Data Protection Officers to track compliance. Transparency in data subjects’ rights, along with enhanced protections against security breaches, will affect how your organization handles information flow through internal communications in the future.

Locking down sensitive information is a critical component of the GDPR requirements. Here is what you need to know about personal information as it relates to internal communications.

The Definition of Personal Data

If your company regularly uses email or another platform for internal communications, you should expect significant changes in the way you use those media. According to GDPR requirements, personal data is any information about a person or data subject that offers identification. This loose definition includes:

  • Names
  • Photos
  • Email addresses
  • Bank details
  • Social media posts
  • Medical information
  • IP addresses

If your employees routinely hold private discussions via email, forward medical updates to Human Resources personnel via attachments, or work remotely, the GDPR regulation will affect your responsibility for that information. Still, these are only a few examples of information privacy concerns when it comes to internal communications within organizations.

Communication Solutions for GDPR Compliance

Choosing communication solutions that meet GDPR compliance protects users’ data by default. Both internal employees sharing personal information and workers processing client information will follow the same guidelines for information privacy.

Whether your business is part of the EU or not, clients and employees alike will recognize GDPR compliance as a sign that your organization takes privacy seriously. At the same time, acknowledging that employee internal communications, both on a personal and professional level, contributes to workplace morale is another component of GDPR compliance.

Improved internal communications policies and platforms help employees connect and ease the often-complicated transfer of information. However, getting employees on board may prove the most challenging part of adapting to GDPR requirements. Still, user-friendly services and integrations can help ease the transition, so choosing the right internal communications solution takes precedence.

Blocking Hacker Activity

Companies that fail to protect their employees’ and customers’ personal information face substantial costs in the form of fines and lost business if a breach occurs. Conforming to GDPR regulation not only adds further protection from hackers, but also guarantees that your company maintains client trust.

The new GDPR regulations mean that information traveling online might require a specific type of encryption protection (like end-to-end), but many businesses need more than email to support internal communications. Confidential peer-to-peer communication is one component of organizational communication systems, but that security can extend to all areas of the business to conform to the EU GDPR requirements.

Internal Communications Guide Productivity

At a time when business truly is global, ensuring that your company’s communication methods support rather than reduce its productivity is a priority. In fact, improved internal communications and collaboration through social technologies can raise productivity by 20 to 25%, according to the McKinsey Global Institute.

At the same time, adapting to alternative internal communications that adhere to GDPR requirements now means that when May 2018 rolls around, you’re ahead of the deadline in guaranteeing GDPR compliance. As a bonus, moving away from conventional communication methods frees up the time you previously spent clearing up misunderstandings due to lagging internal communications.

Employee Contributions to Communication

Although cybersecurity is a considerable concern for business owners, employees are often left out of the loop. Making sure that employees care about cybersecurity is the first step in adhering to the new GDPR privacy rules. Encouraging employee participation and feedback is a huge part of maintaining cybersecurity throughout your organization.

Your internal communications approach should consider employees’ needs and responsibilities. As you roll out new processes and guidelines to conform with GDPR guidelines, involve employees in the process. Create a communication policy that includes a GDPR overview and clearly defines expected employee behavior and notes any upcoming changes in communication platforms.

Making sure to highlight when and through which channels personal information should travel is the first step, but helping staff understand the intent behind these policies with a thorough GDPR overview is essential, too. Soliciting employee feedback confirms understanding and clarifies any details. This goes a long way in improving and securing communication.

Participation to Productivity

While taking the time to help employees through a transition in both procedure and software may initially detract from productivity, note that companies with high effectiveness in change management and communication are 3.5 times more likely to outperform their industry competitors. This comes from a study by Towers Watson which highlighted employee contributions as they impact an organization’s bottom line. The study’s findings illustrate an intricate relationship between internal communication, management guidance, and job performance.

To get a more in-depth GDPR overview and learn more about improving internal communications, get a free Beekeeper demo now.

Is your organization GDPR compliant? Download Beekeeper’s 31-Point Assessment to Ensure GDPR Compliance created by our Data Protection Officer to find out.

Ditch WhatsApp at Work, Avoid €20 Million in GDPR Fines

On May 25, 2018, the EU will begin officially enforcing its new General Data Protection Regulation (GDPR) standards. This initiative aims to heighten personal data security across all businesses operating within or connected to Europe. In order to avoid GDPR fines, your organization should create a GDPR compliance checklist to ensure all internal communications–especially with your employee app–address GDPR compliance.

GDPR Penalties and Risks of Non-Compliance

Despite the initiative’s roots, the impact of GDPR compliance will stretch far beyond the confines of the EU. Any hotel that hosts international guests, for instance, is subject to the new GDPR rules. In other words, to avoid heavy GDPR fines of up to €20 million, it is crucial for all international business owners to ensure GDPR compliance well before next year’s deadline.

As we sprint to the GDPR compliance deadline, many companies are doing their part to keep their workforce informed. Amanda Finch, Director of Risk and Compliance at Journyx, spoke to us about how GDPR compliance will impact companies well outside of EU borders.

Finch states, “Any data you gathered from a person in the EU, regardless of where they actually reside, puts your company in the GDPR enforcement crosshairs. Can they really enforce these fines on non-EU companies? The answer is yes – they certainly can. In one example, the U.S. and the EU have agreed to a framework that permits enforcement against companies in the U.S. – a necessary step to maintain the vast amount of U.S.-EU trade.”

She goes on to ask, “Do you provide services to companies in the EU? Don’t rely on your knee-jerk instinct to assume that these GDPR penalties won’t flow down to you should those companies run afoul of GDPR compliance. If your EU customer gathers personal data and sends it to you, you are as liable as they for their misdeeds, and subject to the same GDPR fines.”

Internal communication tools sit at the crux of many of the new standard practices enforced by the General Data Protection Regulation, so naturally, we want to provide you with as much information as possible to prepare. A GDPR compliance checklist is a great place to start the privacy assessment of your employee app and other internal communications.

As digital workplace architects, our team at Beekeeper is constantly optimizing our internal communication tools and employee app so your company and employee data remain secure. Today we’d like to talk about what GDPR compliance means for ubiquitous international messaging tools like WhatsApp.

Why WhatsApp Could Lead to GDPR Fines as of May 2018

WhatsApp was never specifically designed for enterprise use, and the security risks of using a tool like this for official company business are well documented. In addition to the fact that WhatsApp’s data privacy record leaves much to be desired, the app is also not optimized for group chat or collaboration. For non-desk workforces and busy teams who must collaborate on the go, this user experience is less than ideal.

Despite its shortcomings for corporate use, many international companies use WhatsApp as a cost-effective one-on-one messaging and conferencing tool. Under the new General Data Protection Regulation laws, however, the use of WhatsApp will count as a strike against businesses as it fails to meet the security standards that companies must uphold to avoid massive GDPR fines. WhatsApp’s GDPR compliance is questionable on several counts, including the Right to Access, the Right to be Forgotten, Privacy by Design, Data Portability, and Transfer of Data.

Achieving GDPR Internal Messaging Compliance in 3 Steps

Company content hubs should feel like a warm and lively gathering, not a ghost town. Carrying strong visual brand assets throughout your internal communications hub is a great way to encourage employee engagement and collaboration. Whereas a traditional intranet can feel as sterile and stark as a windowless chamber, the Beekeeper employee app can be customized for your business needs without robust assistance from IT or technical leaders in your organization.

In addition, the Beekeeper employee app interface allows individual employees to select functionalities like push notifications and workflows, giving a more personalized feel to the digital workplace experience. In addition to increasing productivity, these interactive features and notifications also encourage higher levels of participation within the company culture, leading to higher levels of overall workforce satisfaction.

  1. Adopt and Adapt
    As May 2018 is just around the corner, now is the time to adopt an internal communication tool built specifically for enterprise—a tool that meets GDPR compliance and that will mesh well with your employee workflow. Adopting an ISO 27001-certified IT strategy is recommended. Before onboarding employees, be sure the new system is thoroughly tested and passes our GDPR liability test.
  2. Implement a GDPR Compliance Checklist
    As old habits tend to die hard when it comes to messaging and communication, it’s important to host formal trainings that clearly outline the details of your company’s GDPR compliance checklist and how it applies to your employees and their use of your employee app if you have one. This will go far to make sure the company doesn’t incur any GDPR penalties while ensuring that employees understand how to use the new internal communication tool.

    When deciding which internal messaging tool is right for your company, be sure to keep in mind that it should be mobile-friendly with an accessible and customizable interface. Really Simple Systems CEO Jon Paterson has employed a diligent internal communications strategy to keep his entire organization aware of not just adjustments to usage, but of the high stakes implications, and potential GDPR penalties, for business.

    “Everyone who handles personal data – sales and marketing teams, accounts, HR, customer services – needs to be educated about GDPR compliance.” Paterson shares, “We’ve sent a briefing note to all such staff explaining what GDPR is, how it affects the company and how it will affect them.”

  3. Maintain and Enforce to Avoid GDPR Penalties
    Considering the massive financial risk of violating the General Data Protection Regulation rules, maintaining and enforcing GDPR compliance within your digital workspaces is of critical importance. As you retrain employees that have been with the company a long time on the new internal messaging tools and onboard new staffers, be sure to emphasize that using non-sanctioned messaging tools intended for consumers like WhatsApp, Viber, or iMessage is strictly prohibited, and that usage of any non-sanctioned messaging platforms puts the company at risk for GDPR penalties.

To ensure your internal communication tools don’t leave you vulnerable to GDPR fines, get a free trial of Beekeeper’s employee app.

New EU GDPR Significantly Impacts Any Hotel With International Guests

You’ve probably been hearing a lot of buzz about the EU GDPR. In case you want a refresher, the EU General Data Protection Regulation was designed to harmonize data privacy laws across Europe to protect citizens’ personal data and stand on a united front regarding every organization’s approach to security. It was approved on April 14, 2016, and companies are scrambling to comply since the regulation will be enforced May 25, 2018. Any companies that aren’t compliant will face heavy fines up to 4% of annual global turnover or 20 million euros, whichever is greater.

If you work for a company outside the EU, you may think this doesn’t affect your data security standards—but think again. The GDPR doesn’t only affect companies in the EU. Any vendors and suppliers that work with countries in the EU must comply with the GDPR as well. This significantly impacts hotels as the majority have international customers, many of whom reside in the EU.

Beekeeper was recently featured on Asian Hospitality discussing the implications of the EU GDPR on hotels. Check out the full article to learn more about how this regulation affects your hospitality business.

Now is the time to assess your GDPR compliance and see what extra steps your organization needs to take to meet the deadline. Enter the form below to download Beekeeper’s 31-Point Assessment.

BYOD – How to Manage Employee Demands and Cybersecurity

Allowing your employees to BYOD – “bring your own device” – is a cybersecurity concern, but you don’t have to let it keep your company from a secure cyberenvironment. Once you understand the benefits of implementing BYOD, you’ll be less hesitant to let your employees use their hardware to run company software.

In this article, we’ll discuss how to smooth over the tension between your employees’ BYOD desires like unrestricted access and your company’s cybersecurity needs, which are typically at odds with free-roaming device usage.

The two biggest factors we’ll discuss are employee education and smart policymaking, both of which rely on your tier of the company to do what you do best: take the lead.

Teach Your Employees About Cybersecurity

If we’re talking BYOD, we’re typically talking about smartphones. Your employees take their smartphones with them everywhere they go, and they’re amenable to mixing business with pleasure so long as the business portion doesn’t interfere with the operations of the device’s other uses. Therein lies the problem.

Smartphones, while the primary target of most BYOD initiatives, are also the biggest vectors for data leakage or loss, representing almost 70% of cases according to a cybersecurity trends report. If you want to prevent your organization from leaking data through every personal device’s sieve, you’ll need to control certain aspects of your employees’ devices.

Imposing control on employee devices is bound to make your employees unhappy, so you’ll have to use a lighter touch than a software-based lockdown. We’ll explain how to develop and implement a formal BYOD policy a bit later in the article, but first, we want you to realize the importance of changing your employees’ perspectives if you’re going to have a successful BYOD policy while maintaining security.

Your employees are more likely to implement reasonable BYOD practices if they understand the consequences of cybersecurity on the rest of the organization. BYOD can carry a risk to your employees, which you should be forthcoming about during your educational discussions.

The trick to BYOD is educating your employees that BYOD is a way for their device to peek into the larger corporate system upon which the entire organization relies. The scope of the peek—be it a keyhole or a cinema-screen—is directly linked to their ability to get things done efficiently, while maintaining the security of the company’s data and the integrity of their device.

Depending on your industry, your educational regimen may be more technical, or more oriented toward non-specialists. Try not to throw the tech talk at the people who aren’t going to be interested in hearing about the technical detail. Instead, offer a few examples of good BYOD practices, a few examples of bad BYOD practices, and then showcase your company’s BYOD policy.

When showing examples, it’s important to link user behaviors to larger consequences. People respond best to realistic examples, so avoid scare tactics. Not every data breach caused by a BYOD-centric mishap is going to bring down the entire company, but be sure that everyone knows it’s a remote possibility.

By creating a workforce of informally savvy cybersecurity employees, you’ll be adding value to your employees’ skill set and providing them with tools to be vigilant while using their devices.

Create A Smart BYOD Policy

Now that we know the solution to BYOD issues is an explicit BYOD policy and an informal, yet detailed educational program for your employees, what are the concrete steps your company can take to put the wheels in motion?

First, resolve to follow through on making an explicit BYOD policy and talking through it with your employees who need it most. Don’t be like the majority of companies who leave BYOD policies to the realm of the informal or the socially-enforced, yet unencoded. You should pair good BYOD practices by your employees with rewards, and poor practices with mild consequences.

The better you craft your company’s BYOD policy, the more likely your employees are to follow it, and the more likely your company is to retain a strong cybersecurity perimeter. Remember, a policy is only effective if people are motivated and capable of following it.

Draconian BYOD policies, while perhaps appealing to larger organizations, will result in more unhappy employees and higher turnover, hurting your bottom line. There’s no reason to let something that’s supposed to be a money-saver like BYOD become a point of loss.

Software as a Cybersecurity Solution

There are some ways that you can incorporate useful software into your BYOD policy for the betterment of your company. Software that can act as a soft barrier between your user’s device and your company’s important data, without getting in the way of the user’s job, is exactly what you should be looking for.

It may seem foolish to introduce an additional step in the already-complicated cybersecurity process, but using an app that’s designed to smooth the BYOD cybersecurity dilemma as part of your BYOD policy is a large step forward relative to trying to go at it alone.

By introducing a layer of protection, your employees can rest assured their device will stay safe and also stay useful in the course of their work. Even more importantly, you won’t have to worry about data breaches or malware infections slipping into your corporate network as a result of a permissive BYOD policy.

The trick is that an intermediary between your employees and your data lets your employees retain full control of their devices, while allowing your company to maintain full control of its internal perimeter. Your IT team will thank you, as will your BYOD users.

Download our “How to Minimize BYOA Risks When Rolling Out Your BYOD Policy” white paper for more information or request a demo with one of our app experts.