WeChat Security Must be a Top Priority in China’s Growth Strategies


China’s rising middle class has considerable purchasing power, accounting for nearly a quarter of global GDP. Global growth strategies in every sector include gaining market share in China.

China, on the other hand, faces specific challenges. Its knowledge ecosystem is unique in comparison to others. The sales and marketing tools and platforms used by sales and marketing teams in APAC, EMEA, and the Americas cannot simply be transferred to the Chinese market. Instead, entirely new cloud channels must be created. WeChat is by far the most common of these networks.

The importance of WeChat in the Chinese digital world can be difficult to understand for a western audience. WeChat has a monthly active user base of over 1.2 billion people. It’s a lot more than a chat app. WeChat is China’s most popular social media, retail, banking, eCommerce, company, details, customer service, brand reputation management, and other personal and professional functions application.

WeChat is a must-have for business communications. There are two versions for companies with Chinese operations: WeChat and, more recently, WeChat Work, also known as WeCom.

WeChat Work vs. WeChat

WeChat is China’s multifaceted mobile web: ecommerce, social networking, mobile chat, and payment all in one. Any company doing business in China understands how important the app is for marketing, sales, and customer service. Luxury retailers and automakers in the West were among the first to use WeChat influencers and marketing campaigns to meet Chinese consumers. The personal WeChat app, on the other hand, is difficult to protect and raises data privacy issues for companies.

Tencent, the company behind WeChat, recently launched WeChat Job, also known as WeCom. WeChat Work is a business communication tool that works in tandem with the popular WeChat messaging app. WeChat Work foreshadows the form of contact that could be possible as a result of the Salesforce-Slack merger in several ways. WeChat Function is a game-changer for Western enterprise IT teams since it provides a cloud-based enterprise-scale instance that is easy to deploy and maintain compared to a federation of employees’ personal WeChat accounts. Since the platform is dedicated to business communications, data privacy issues are less of a concern, similar to Slack or Microsoft Teams.

Security Challenges for WeChat Work

Even a small company’s WeChat Work account can receive hundreds of messages every day. A phishing connection, a malicious file, or an interaction that poses a compliance risk may be included in any of these messages. Manual analysis is impossible due to the frequency and pace of the messaging. This isn’t even taking into account any customer data that enters the app through customer service or marketing channels.

It would be bad enough if there was no visibility or threat detection. It has also made the cloud channels that western companies are more familiar with security poor links. WeChat, on the other hand, has its own collection of security idiosyncrasies:

  • There is no end-to-end encryption in WeChat. Users have no idea what happens to their data once they join the WeChat ecosystem. For security teams charged with avoiding data leakage, this is a really poor situation.
  • Chinese cybercriminals use WeChat as a main attack vector. Exact data is difficult to come by, but according to a study by the Supreme People’s Court, WeChat was by far the most common source of scams in 2019. WeChat was used in more than half of the online fraud cases investigated by Chinese authorities. A western security team entering China would most likely be unprepared to deal with these risks.
  • Cybercriminals outside of China are constantly creating banking trojans that imitate WeChat in order to gain access to and steal user information. Cerberus, for instance, is a form of malware that can steal user privileges and grant itself additional permissions without the user’s awareness. Again, security teams unfamiliar with WeChat can have difficulty detecting trojans.
  • Then there are the big problems of enforcement. Again, all information exchanged on WeChat is likely to be accessible by the government. Non-Chinese users who are located outside of China are also available. Companies who do not have complete insight into their employee communications are putting themselves at risk as a result of this government monitoring. They run the risk of breaking China’s strict censorship laws and other rules, which can be difficult to understand.
  • The language barrier adds to the complexity of the situation. It’s difficult enough to secure cloud channels in English-speaking markets. WeChat, on the other hand, supports a wide range of Chinese dialects, including Mandarin and Cantonese. Since different languages can be mixed in several exchanges, universal-language machine learning is a must to ensure protection and compliance.

Securing WeChat is Possible

Regardless of the aforementioned obstacles, securing your company’s WeChat Work instance is very much possible. However, it necessitates the use of additional tools that are specifically designed for the challenges that WeChat Work presents. (The probability is that workers at western companies are at particular risk of cyber-attack, as WeChat-savvy bad actors would see them as inexperienced and susceptible users.)

The principles of effective WeChat security are as follows:

  • Companies must seek out tools that give them full visibility and round-the-clock monitoring. These tools must have the power to detect, and alert companies to, any digital risks: malicious links, malware, account changes, and problematic language.
  • Companies must be able to enforce custom policies through this security engine in order to be alerted to the unique risks they face. Companies want a versatile policy engine because the Chinese climate is complex and unpredictable.
  • Automated archiving and record-keeping are more critical than ever to defend against enforcement risks and audit criteria. Companies must be able to document anything that happens in their WeChat Work instance using the security framework.

Safe and compliant use of WeChat Work is possible with these three concepts as the basis of a security policy. Companies, on the other hand, are putting themselves in grave danger in a business-critical market if they don’t have them.

Melina Richardson
Melina Richardson is a Cyber Security Enthusiast, Security Blogger, Technical Editor, Certified Ethical Hacker, Author at Cybers Guards. Previously, he worked as a security news reporter.