Join top executives in San Francisco on July 11-12 to hear how leaders are integrating and optimizing AI investments for success. Find out more
The federal government is considering promoting a Completely ban TikTok video sharing app across the United States, just a few weeks later ban apps from all US government devices. Citing data privacy concerns stemming from TikTok’s parent company, Chinese company ByteDance, officials have made it clear that they believe the app can be used to track information individuals and pass that data directly to the Chinese government, which is known for its cybercrime. – steal IR, trade secrets and other proprietary information from Western companies to advance their own national security priorities.
Consider what to do with TikTok
But for businesses that use TikTok to market or recruit any of the 150 million Americans who have this app, what to do? For now, the answer lies in following basic security practices for all data-collecting apps, not just TikTok.
The reality is that regardless of TikTok’s relationship with the Chinese government, it’s not the only app capable of actively mining user data. Snapchat, Google, and Meta all leverage user data to target more granular ads and understand user behavior.
No company is immune to cyber breaches and data theft, so much of that highly personal data can be revealed by an adversary. TikTok collects data on a massive scale due to the size of its current user base and popularity, but overall, if you’re not paying for an app or service, it’s using your data. you to make money.
Of course, the reason we – and Congress – are having this discussion right now is because, unlike any of those social media companies, TikTok is owned by a foreign company. affiliated with China. While we should exercise caution when using social media platforms, regardless of who owns them, TikTok is collecting vast amounts of information from US consumers, and we don’t know that data is being used. used for or whether foreign governments have access to the data.
Is BYOD right for you?
This is why businesses allow employees bring their own device entering offices or conducting work on them – “BYOD” – should reevaluate their policy immediately. More specifically, they should ensure that they are aware of the types of corporate information employees have on their personal devices and take the necessary measures to ensure that the information is kept separate from the rest. of the application on those devices.
There are controls that organizations can put in place to ensure that sensitive company information is not collected by any type of app, TikTok or not. But in general, employers can’t issue outright bans on employees from downloading any apps they want on their personal devices. Organizations may have administratively acceptable use (AUP) policies that require employees not to use social media, including TikTok, during company time, but that is not the case. is a ban on having apps on the device. It also doesn’t stop the app from collecting information, which it always does.
Technical solutions that can be installed on personal devices to prevent applications from collecting sensitive work information or, such as downloading sensitive documents from email, must be set up, maintained, and maintained. and monitoring. That can be expensive and time-consuming, and requires the organization to have good data handling practices in place, including categorizing information and assets, and having visibility into how that information is processed. and how to use it on employees’ personal devices. Enterprise security leaders should understand exactly what information they need to protect in order to make better risk decisions about how to handle that information.
What about a working phone?
An alternative route for businesses concerned about TikTok’s data collection practices is to issue their own devices to employees, which come pre-installed with security controls to prevent downloading apps. unknown or unauthorized. If the organization owns the device, they can control exactly what is allowed to do and download to the device to ensure compliance with the right security protocols.
But releasing corporate devices can also be expensive, and businesses when deciding whether to buy a laptop or a phone for their employees must take into account convenience, business requirements, and information. protect risk.
The specific risks that the TikTok incident highlighted are not new but have reached a new level of visibility due to the app’s incredible popularity. While Congress considers banning the app, business security leaders know that the tough problem of data privacy and employee assets doesn’t end with TikTok and the search for new solutions. will be essential as other data collection applications become more and more used. There has never been a better time for those leaders to put security first and at the heart of their organization’s priorities.
Adam Marrè is Director of Information Security at Arctic Wolf.
Welcome to the VentureBeat community!
DataDecisionMakers is a place where professionals, including technical people who work with data, can share data-related insights and innovations.
If you want to read about cutting-edge ideas and updates, best practices, and the future of data and data technology, join us at DataDecisionMakers.
You can even consider contribute an article your own!