this post was submitted on 19 Oct 2023
112 points (95.2% liked)

Technology

59669 readers
2856 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
all 22 comments
sorted by: hot top controversial new old
[–] [email protected] 59 points 1 year ago (2 children)

Text messages have to be turned over for those pesky subpoena's. Can't be leaving evidence laying around.

[–] [email protected] 25 points 1 year ago* (last edited 1 year ago) (1 children)

The issue is the opposite, because people use non official communication channels it's hard for regulators to get the information they need, and it can be taken as the bank hiding things, which leads to fines. It's in the article:

This could result in the breach of regulatory rules on recording all business communications, leaving little room for oversight by authorities to take action in case of compliance concerns.

"Banks use a wide range of approved channels to communicate in compliance with regulatory obligations,” a spokesperson for the bank told Bloomberg. “HSBC, like many other banks, reviews and adjusts functionality on its corporate devices as needed.”

[–] [email protected] 1 points 1 year ago

What about chat in games? IRC? Conversation had by making comments on Lenny posts? Jerry, we can't go with the suggestion Ann just made because we'll look really stupid.

Delay this until Q1 2024

[–] [email protected] 31 points 1 year ago (1 children)

That’s one way to stop the scourge of SMS based 2FA.

[–] [email protected] 9 points 1 year ago* (last edited 1 year ago) (2 children)

App based 2FA is even worse. Sure it's more secure but the likelihood of losing account access is much higher.
And don't talk about saving recovery codes. Security has to be practical and easy.

[–] [email protected] 9 points 1 year ago* (last edited 1 year ago)

The UX of manual 2FA is a problem. Copying numbers with a time limit is just a crappy experience.

Account recovery is a hard problem, but thankfully it’s usually not an all or nothing deal, and it has been getting a lot better. I know Apple has a complex recovery flow that terminates at an actual human.

[–] [email protected] 14 points 1 year ago

This is in the same vein as the secret service text message debacle after the Jan6th stuff.

I think you'll see this more and more as companies and government agencies try to reconcile regulations, cyber security controls, and business needs. Obviously there is a need for employees to communicate. There are laws surrounding record retention. And there are laws and needs for security controls to lock down phones, wipe data, etc.

Those three things don't always align with each other and if your employees pick a different channel to communicate they you can't control, then that's a huge problem from a regulation and even a security perspective.

That said, locking down work phones is only going to push people to their personal devices and that creates way more issues overall.

[–] [email protected] 3 points 1 year ago

People are completely missing the point here.

The banks are required to record all of the communications made by a large proportion of their staff. Probably they haven't found a way to do that for WhatsApp or text, so those are not approved communications channels. If they aren't approved, then why would they be on a work phone?

Of course the staff can break whatever rules they want, but they will be breaking rules. The banks make sure their staff know that, and as long as they've done all they can to stop it then what else can they do? There are always people who break the rules, and those who break the rules get punished when they're caught.

[–] [email protected] 3 points 1 year ago

This is the best summary I could come up with:


Personal devices won’t be impacted by the policy, and a select few employees who have regulated roles in the firm will still be able to send and receive messages, the outlet reported.

This could result in the breach of regulatory rules on recording all business communications, leaving little room for oversight by authorities to take action in case of compliance concerns.

Sixteen Wall Street giants including UBS and Barclays were collectively fined $1.8 billion by the SEC last September for employees’ use of personal devices and unauthorized apps for communication regarding business transactions.

As the use of private messaging platforms has proliferated in the business world, regulatory scrutiny over their use has intensified in recent times and spread beyond Wall Street.

Private equity firms including Carlyle Group and Blackstone are also being investigated for discussing business matters on apps like WhatsApp and Signal.

Reports suggest that a number of banks globally have suspended the use of encrypted apps like WhatsApp for work purposes following probes into its violation of regulatory rules.


The original article contains 457 words, the summary contains 171 words. Saved 63%. I'm a bot and I'm open source!

[–] [email protected] 3 points 1 year ago

If only I’d thought of that for my company phone! Then I wouldn’t be receiving all these spam and phishing messages!

[–] [email protected] -1 points 1 year ago (1 children)

People will resort to slack or teams or whatever and the problem will persist.

[–] [email protected] 7 points 1 year ago (1 children)

If those are communication apps supported by the bank, that's the idea. Banks have been hit with huge fines for employees communicating over unapproved channels.

One of the problems with the unapproved channels is that the bank can't enforce a retention period. So written messages that are supposed to be kept on record for 10 years or whatever can get deleted. In the event of a lawsuit the bank can be fined for not having the messages.

[–] [email protected] 0 points 1 year ago* (last edited 1 year ago) (1 children)

I understand what they think will happen. But that doesn't necessarily mean they'll be using the banks approved channels etc. You can set up your own private channel in teams and in slack. If people want to communicate without having that info tracked by the bank or company or agency they work for they literally will use another service. Doesn't even have to be teams or an approved one. This article talks about texts and SMS. But WhatsApp and signal and even discord exist (banning one but not the others is playing whack a mole). This seems like the companies trying to keep up with the times without a real plan that considers alternatives.

[–] [email protected] 2 points 1 year ago

It's just on work phones, they can do what they like on their personal phones of course. However, if they are discussing anything business related they'll be fired and could be barred from working in the industry altogether.

HSBC etc completely lock down Teams etc, there is no private anything, it's all monitored as long as its on their devices and accounts.

Traders and other front office staff will have every single phonecall, email, IM, voice chat, and video call monitored and stored for something like 7yrs.