MailGuard Mar 27, 2025 1:55:32 PM 7 MIN READ

When Secure Messaging Fails: What the Signal Scandal Taught Us

In March 2025, a communications blunder at the highest levels of the U.S. government made headlines — and served as a wake-up call for security professionals everywhere.

A Signal group chat intended for a small number of senior U.S. officials to discuss military planning in Yemen mistakenly included a journalist, Jeffrey Goldberg, the editor-in-chief of The Atlantic. For days, Goldberg had access to discussions outlining classified information, including the intended targets of U.S. military strikes against Houthi forces. The chat, titled “Houthi PC small group,” contained operational details and strategic deliberations that would normally be safeguarded under the most stringent information controls.

Goldberg himself disclosed the incident in a column on March 25, confirming he had received the Signal invitation by mistake and had access to the group’s messages for an extended period before notifying the White House. The National Security Council confirmed the authenticity of the messages and launched an internal investigation into how such a lapse occurred.

While this was ultimately a case of human error — a mistyped contact, perhaps — the consequences were amplified by the tool used: Signal, a widely used encrypted messaging app that offers few administrative safeguards or visibility over who joins a chat, especially when accessed via desktop. The incident revealed a stark truth: even when encryption is strong, communication is only as secure as its context, usage, and controls.


Encrypted Messaging: A Double-Edged Sword

Encrypted messaging apps like Signal, WhatsApp, and Telegram are celebrated for protecting personal privacy. Their core value is end-to-end encryption — meaning only the sender and recipient can read a message, and no intermediary (including the platform itself) can decrypt it.

This level of privacy is essential in many contexts. Journalists, dissidents, and professionals in high-risk regions depend on it. But in business, government, and military environments — where accountability, visibility, and regulatory compliance matter as much as confidentiality — the picture becomes more complex.

The Pros of Encrypted Messaging Services

1. Strong Privacy Protections
End-to-end encryption ensures that communication remains private, even if intercepted during transit. For sensitive discussions or confidential business information, this is a valuable layer of defense.

2. Ease of Use
These apps are user-friendly, widely available, and require little technical setup. They can be adopted quickly across a team without intensive onboarding.

3. Protection from Third Parties
Because platform providers themselves can’t decrypt messages, there’s strong protection against unauthorized access — even by the service itself.

The Cons, and Why They Matter

1. Lack of Visibility Over Participants
In the U.S. government incident, officials using Signal on mobile had no way of knowing which chat participants were using the app on desktop — a significant risk vector. Desktop versions of messaging apps are generally more vulnerable to malware, and if compromised, can expose entire chat histories.

2. No Central Oversight or Logging
Encrypted messaging apps often don’t support message archiving, compliance logging, or administrator access. This might be ideal for personal privacy — but it's a liability for enterprises and public institutions, which are required to retain communications for audits, legal discovery, or historical record.

3. Susceptibility to Human Error
As seen in the Signal/Yemen case, one mistaken phone number or contact entry can result in a massive security failure. There’s no “are you sure?” checkpoint or tiered access control. Once someone is in the chat, they’re in — and often indistinguishable from legitimate participants.

4. Poor Fit for Regulatory Environments
In finance, healthcare, government, and other regulated sectors, communications must often be recorded, monitored, and reportable. Encrypted messaging apps are poorly suited to these requirements, especially when used in an unmanaged, ad hoc way.


Security Isn't Just About Privacy: It's About Control

The lesson from this episode isn’t that encryption is bad. It’s that privacy without visibility creates blind spots. And in environments where oversight and accountability are non-negotiable, those blind spots become liabilities.

In many cases, a more structured, auditable, and secure approach to communication is required — especially for business-critical information and sensitive operational planning. That’s where secure email solutions come in.

Why Email Still Matters, and Why It Needs Protection

Despite the rise of messaging apps, email remains the backbone of business communication. It’s used for contracts, strategic decisions, sensitive client discussions, and daily operational matters. But because it’s ubiquitous, it’s also a top target for cybercriminals.

Phishing, business email compromise (BEC), malware delivery, and ransomware campaigns all routinely begin with email. While platforms like Microsoft 365 provide some level of protection, they’re not built to stop sophisticated, fast-moving threats.

This is where MailGuard — a cloud-based email security solution — plays a critical role.

How MailGuard Protects Inboxes

1. Stops Fast-Breaking Threats
MailGuard detects zero zero-day phishing and malware campaigns hours ahead of the market — before traditional filters and native security can catch up.

2. Seamless Integration
MailGuard works seamlessly with Microsoft 365 and Google Workspace, providing a specialist layer of advanced email security and proprietary AI & ML-powered threat detection to secure inboxes.

3. Immediate Protection & 24/7 Support
Businesses gain immediate protection once their services are activated, and partners and clients have access to 24/7 support from MailGuard's team of experts.

4. Supports Compliance and Archiving
Unlike ephemeral messaging platforms, email can be retained, archived, and searched — meeting the demands of regulatory environments and ensuring auditability. SafeGuard is one such solution integrated into the MailGuard email security suite.

Final Thoughts: Privacy Must Be Balanced With Accountability

The Signal/Yemen scandal was a case of human error — but one made dangerous by the nature of the tool involved. It revealed a broader issue that many IT leaders, partners, and government departments face: how do you enable secure, fast communication while still meeting obligations for oversight, compliance, and control?

The answer isn’t to abandon encrypted messaging. It’s to use the right tools for the right context.

For ephemeral, one-to-one conversations, encrypted messaging apps offer value. But for structured, organization-wide communications — especially those involving sensitive data, strategy, or legal implications — secure email, backed by cloud-native protection like MailGuard, is essential.

Keeping Businesses Safe and Secure

Prevention is always better than a cure, and one of the best defences is to encourage businesses to proactively boost their company’s cyber resilience levels to avoid threats landing in inboxes in the first place. The fact that a staggering 94% of malware attacks are delivered by email makes email an extremely important vector for businesses to fortify.

No one vendor can stop all email threats, so it’s crucial to remind customers that if they are using Microsoft 365 or Google Workspace, they should also have a third-party email security specialist in place to mitigate their risk, for example a specialist third-party cloud email solution like MailGuard.

For a few dollars per staff member per month, businesses are protected by MailGuard's specialist, zero zero-day email security. Special Ops for when speed matters! Our real-time, zero zero-day email threat detection amplifies your client’s intelligence, knowledge, security and defence.

MailGuard provides a range of solutions to keep businesses safe, from email filtering to email continuity and archiving solutions. Speak to your clients today to ensure they’re prepared and get in touch with our team to discuss fortifying your client’s cyber resilience.

Talk to us

MailGuard's partner blog is a forum to share information; we want it to be a dialogue. Reach out to us and tell us what your customers need so we can serve you better. You can connect with us on social media or call us and speak to one of our consultants.

Australian partners, please call us on 1300 30 65 10

US partners call 1888 848 2822

UK partners call 0 800 404 8993

 
