Nathaniel Mendell and Whitney Lee authored an article for Directors & Boards discussing the enforcement and cyber risks text messages pose for business communications.
“Although the use of text messages for business communications — including over personal phones and devices — is commonplace, effective and appropriate, handling of texts used for business communications is not,” the authors. “The SEC stumbled across this reality in 2021 when it discovered that employees at the investment arm of a large bank routinely used personal phones and text messaging for offline communication about deals. That was not in keeping with federal securities laws’ “books and records” requirements, which mandate that all deal-related communications be stored and retained.
“Because most text messaging services are not secure — which makes them vulnerable to unauthorized access, they are an attractive target for cybercriminals,” they continued. “Cybercriminals can intercept text messages and view the sensitive commercial information or personal information they contain, which can expose a business to legal and regulatory risks, including litigation and regulatory enforcement actions.”