5 Steps to Eradicate Text Messaging Risk

A guide to building a strong mobile risk management program that will let your organization take advantage of text messages for business

Text messaging is now woven into our work and personal lives.

Social changes, combined with technology advancements, have cemented the use of text and multimedia messaging as an inescapable requirement in today’s work environments. Today, texts are transmitted at a rate of 200,000 messages per second. To put this into perspective, Twitter averages just 6,000 tweets per second

Alongside social networks and other digital communications types, the use of SMS and MMS technology in businesses puts intense pressure on organizations to adapt their governance policies and procedures to keep pace with regulatory, legal and risk management requirements in mobile environments. Every organization must protect its brand, which means all incoming and outgoing business communications should be monitored and be easy to find and produce when needed. In addition, organizations in the financial services, legal, lending/mortgage, energy, and healthcare industries have electronic communications archiving obligations enforced by regulatory bodies, while government organizations have various Open Records laws that require communications records to be made available to the public.


How Should You Handle the Challenges of Text Message Compliance?

Historically, risk averse organizations in highly regulated or litigious industries tried to prohibit text communications as a business communication channel to avoid compliance challenges. However, prohibitive and reactionary policies against the use of text messaging do not adequately reduce risk today within an organization. Mobility is now essential for success, so businesses must figure out how to enable their workforce while securing important data.

Map out your organization’s mobile business requirements

Before you set up a comprehensive archiving solution for the retention and oversight of text messages, you’ll need to define/refine your organization’s overall mobile strategy. Here are 5 steps to building your mobile strategy:

1. Know Your Device Ownership Scenario(s).

Who will own and operate devices used for text communications? To begin, address how your organization will provide mobile devices that are used for business text messaging. This is important, because your device ownership and billing model will have a significant impact on how your organization implements its mobile and text messaging archiving and compliance plan.

The major categories of device ownership are Bring Your Own Device (BYOD), Choose Your Own Device (CYOD), Corporate-Owned Personally Enabled (COPE), or a combination of these scenarios. Each approach to device ownership has advantages and drawbacks, so there’s no ‘perfect’ solution that suits every organization. Your choice of device ownership should be made based upon the specific needs, objectives, and capabilities of individual user groups within your organization.

2. Update your communications policy to account for business text messaging.

While mobile device policies likely already have a place in your organization’s information security policy and supervisory procedures, you will need to enhance these to include explicit direction on acceptable use of text messaging for business purpose, and then enforce compliance. Your policy should address the following questions, and be distributed to employees:

Which type of mobile hardware is preferred/mandated for business use?
This is related to your device ownership strategy. Will your organization require/prefer iPhones, or can employees use multiple types of devices?

What type of data and devices will be archived and supervised?
Be specific with employees here, noting who, what, when, and where business communications and text messaging on mobile phones will be archived and supervised. Also, note how communications will be archived, so employees are aware if they need to enable a specific archiving technology on their phone to be compliant.

Will you allow employees to whitelist contacts on mobile phones?
Describe if, how, and when employees can whitelist certain contacts (usually personal contacts like a spouse or physician) to exclude or prevent sensitive personal or medical conversations from being captured, archived and supervised by their employer.

The popularity of text messaging is growing every year, and many employees and their clients now expect to use it as a tool to conduct business.

Prohibiting the use of text messages is not only unsustainable for an increasingly mobile workplace, but it also does not protect your organization from risk – it simply hides risk where you can’t see and manage it.

Read 5 Steps to Eradicate Text Messaging Risk to learn:

  • How to handle any compliance or policy challenges of text messages
  • Why your organization’s device ownership scenario matters, and how to choose the right one
  • How to account for text messaging in your policies, and use technology solutions to manage risk

In Our Guide You’ll Learn


How to handle any compliance or policy challenges of text messages

Approve use of any device

Why your organization’s device ownership scenario matters, and how to choose the right one


How to account for text messaging in your policies, and use technology solutions to manage risk


Get the Guide

Smarsh handles information you submit to Smarsh in accordance with its Privacy Policy. By clicking "get the guide", you consent to Smarsh processing your information and storing it in accordance with the Privacy Policy and agree to receive communications from Smarsh and its third-party partners regarding products and services that may be of interest to you. You may withdraw your consent at any time by emailing privacy@smarsh.com.