“Just a Chat” Until It’s Not: What Business Leaders Can Learn from the Signal Group Incident

A recent article in The Atlantic describes a significant faux pas in operational security: a journalist was mistakenly added to a Signal group chat used by senior members of the U.S. government, where allegedly sensitive military plans were being discussed.

It’s easy to dismiss this as an isolated incident or a high-profile gaffe. But if you’ve worked in a large enterprise, you probably recognize this pattern: people at any level of seniority forming side-channels on Signal, WhatsApp, or other consumer-grade messaging apps—outside of official tools. The vast majority of these side-chats are not opened with bad intentions or a desire to break rules; generally, people are working around the perceived inconveniences that the company’s official tools impose on them.

In this blog post we’re not going to dissect the incident described in the article mentioned above. It’s not about what consequences such an incident should warrant. It’s about what business leaders should take away from this moment.

The Issue Isn’t Signal—It’s the System

Let’s be clear: Signal is a reasonably secure messaging app. End-to-end encrypted, open-source, audited—it’s technically sound for people who want to reduce the risk of their messages being intercepted and to keep them private between sender and receiver.

But it wasn’t built for enterprise or government use.

Security isn’t just encryption. It’s about control. And Signal, WhatsApp, and other consumer messengers were never designed to provide:

  • Directory control – You can’t define who’s in your organization or restrict who can be added to conversations.
  • Role management – There’s no concept of hierarchy, clearance levels, or approval workflows.
  • Auditing and logging – There’s no way to retroactively understand who had access to what, when, or why.
  • Data retention – If someone leaves the organization, you can’t guarantee their messages go with them—or are even recoverable.

Why This Happens—And Why It’s Dangerous

So why do people use these apps for conversations they should have in person or on a communication channel approved by their organization?

Because they’re easy. Familiar. Fast. And sometimes, the official tools are clunky or unavailable outside the office.

But this convenience comes at a cost—especially at the leadership level. Decisions made in unofficial side-channels often:

  • Circumvent governance structures
  • Fragment institutional knowledge
  • Risk data loss or legal exposure
  • Introduce ambiguity in accountability

We all fall victim to this desire for convenience, and in aiming to be effective in our work, we fail to consider trade-offs that are less tangible in that moment.

“But It’s Just a Chat” Isn’t an Excuse

One of the most dangerous assumptions in enterprise environments is: “It’s just a quick side chat.”

But chats evolve. Information flows. Decisions are made. Screenshots are taken. And before long, that “side chat” has become a shadow system with no oversight.

In regulated industries, that could mean non-compliance. In competitive industries, it could mean leaked strategy. In public service, it could mean a national security risk.

What Leaders Should Do Instead

If you’re a senior decision-maker, here’s how to address this:

  1. Acknowledge reality – People use unofficial tools when official ones fail them. Don’t ignore this—fix the experience.
  2. Offer secure alternatives – Provide tools that are secure and user-friendly. If the only secure option feels like a hassle, it won’t be used.
  3. Define policies and educate – Make it clear what tools are approved, and why. Don’t rely on people to “just know” what’s acceptable.
  4. Design for human error – Accept that people will mis-tap, mis-send, or overlook things. Choose systems that limit blast radius when mistakes happen.
  5. Lead by example – If senior leadership uses official channels, others will follow. If they bypass them, others will too.
  6. Hold each other accountable – A group chat, by definition, consists of multiple people. Noting that a conversation shouldn’t take place on a consumer-grade app is not accusatory, but protects everyone involved. 

A Final Thought

I’m optimistic that the vast majority of these side-chats don’t contain trade secrets and aren’t made to keep law enforcement in the dark. Often they’re just chats about lunch, coordinating transfers to the conference venue, or sending birthday wishes. But sometimes they evolve from being “just chats” to relevant conversations where the consequences can be more than just an embarrassing anecdote.

The lesson here isn’t about which app was used. It’s about building systems—and cultures—where control, visibility, and accountability aren’t sacrificed for convenience.

Because one wrong tap shouldn’t put your strategy, your compliance, or your reputation at risk.

This article is also published on Medium.com.