
TikTok bans: why should other social media get a pass?

While social media can be a powerful marketing tool, it is not risk free.

TikTok is the latest in a long line of social media platforms to draw negative press and government opprobrium. Many organisations have chosen to ban TikTok from their devices over national security and privacy concerns, but the issues are not limited to TikTok: there are several problems related to social media platforms that might give you reason to limit or ban their use.

What are the main risks?

Privacy: while this is mainly a concern for individuals, in a business context this is about control of content, protection of image, and consistent messaging.

Data protection and copyright: As above, apps can sometimes gain access to data they shouldn’t have. In some cases, they can assert rights to content posted through their service.

Reuse of personal information: Many of these apps do not have a glowing record in managing your data, often selling it to the highest bidder in secret.

Mental health, addiction, abusive behaviour: mental health and staff wellbeing are a major concern for organisations, and restricting or eliminating social media tools from the workplace can help keep your staff safe.

Potential legal impacts: defamation and similar legal action is a real risk.

The current furore around TikTok relates to national security and the parent company’s close relationship with the Chinese government, but it’s worth noting that the potential techniques an app like TikTok can deploy against your people and systems apply just as much to Twitter, Facebook, and to third parties who purchase access to your metadata.

In 2020, it was reported that TikTok was accessing the clipboard[1] on Apple’s iOS devices, an activity exposed by a security feature in iOS 14. It was soon uncovered that a vast number of other apps were doing the exact same thing[2].

Facebook were caught out when the Cambridge Analytica data harvest was revealed, and the New York Times reported on various other companies they had shared user data with, which Facebook defended[3] and for a time actively denied.

Nor does Twitter get a free pass, as can be seen in this list of data breaches[4] and issues going back to 2009. In recent times, many users have seen cause to abandon Twitter for alternatives like Mastodon.

The professional networking site, LinkedIn, experienced a data “exposure” in 2021 due to a “violation” of their terms of service where 92% of users’ data was scraped and made available on the dark web.

What can be done?

Your employees need to understand the risk, to themselves and to the business. User education on social media, phishing, and other social engineering threats is a great way to protect your people and your company from major risk. Many call this the “human firewall”.

If you provide your staff with a managed device, you may be able to:

  • Prevent installation altogether.
  • Limit access to business data on the device.

If your staff bring their own devices, your options are more limited, but you could:

  • Introduce a policy (or extend your existing AUP) banning the use of apps at work.
  • Include a note that social media use is at the user’s own discretion and risk, noting that their personal information may be accessed, used, and shared by (TikTok or other social media) and, under some circumstances, provided to a foreign government or other entity.
  • Use network policies to limit or prevent access.

Need help?

Our team can assist with all the above tasks. Reach out today to help protect your business and your staff.

[1] https://www.theverge.com/2020/6/26/21304228/tiktok-security-ios-clipboard-access-ios14-beta-feature

[2] https://www.techradar.com/news/its-not-just-tiktok-another-53-ios-apps-will-snatch-your-clipboard-data

[3] https://www.nytimes.com/2018/12/18/technology/facebook-privacy.html

[4] https://firewalltimes.com/twitter-data-breach-timeline/


Our Office

Level 2, 157 Walker Street, North Sydney, NSW 2060

Call Us

(02) 9136 6066

Email Address

info@brace168.com