If your business issues company cell phones, then it’s time to pay attention to recent activity with TikTok. Reports are indicating that the popular social media app is a serious cybersecurity threat.
As a result, many business owners are concerned about employees downloading the app onto company cellphones and the cybersecurity risks that comes with it. So, what’s going on with TikTok, and why is Congress talking about it? Here is some background on the major security concerns and a few ways business owners can protect their company data.
What is TikTok?
TikTok is a free social media app that allows users to watch, create, and share videos. These videos consist of influencer content on everything from home improvement hacks, to advice on living a healthier lifestyle, in addition to lip-syncs of popular songs, fun sketches, or impersonations. Not only are users exposed to fast-paced entertainment, but they are utilizing TikTok’s unique algorithm. Through the FYP (For You Page) algorithm, the app serves videos based on the users likes and interests. For example, if TikTok notices a user liking videos of beauty and hair tutorials, the TikTok algorithm will serve that user more tutorials based on that information.
TikTok Cybersecurity Risks
As a business owner, it is vital that you understand the security risks that come with allowing employees to access TikTok from a company device. Here are the top concerns:
Data Privacy and Security Vulnerability:
TikTok collects an enormous amount of data from its users. An Australian cybersecurity firm recently produced a report that showed the app not only requests location, device information, and browsing history, but it also requests “almost complete access to the contents of the phone while the app is in use. That data includes calendar, contact lists, and photos.” This is a huge cybersecurity risk, especially when you consider that TikTok’s parent company, ByteDance, is based in China.
There are many who fear that the Chinese government could use TikTok as a way to gain critical and personally identifiable information on U.S. citizens and businesses, which is why other countries and branches of government have banned the app from mobile devices. For unsuspecting businesses, your company data could suddenly be in the hands of a foreign government, without you ever knowing.
Malware and Phishing Attacks:
As with any other platform, using TikTok means that there is the risk of malware or phishing attacks, which can compromise sensitive business data and put your company's reputation at risk. Over the last few years, more and more hackers are using social media to find their victims, as approximately 81% of all data breaches can be linked to social media.
This type of an attack on a company device can lead to devastating consequences, especially for small business owners. It is estimated that almost half of all data breaches are from small businesses, and 60 percent of small businesses go out of business within six months once an attack has occurred.
How Business Owners Can Protect Themselves
Implementing cybersecurity measures to protect your company’s data is crucial to ensuring a secure future for your business. Here are some proactive ways you can enhance your cybersecurity.
Limit Social Media Usage on Company Devices
What all business owners must ask themselves is ‘what could TikTok harvest from our employee’s devices that would put the business at risk?’ If you can’t answer this question, we encourage you to do some digging, as you may find that your company’s intellectual property, network configuration, personally identifiable employee information, email archives, and a lot more is at risk.
With all this in mind, it may be time to reconsider what apps are allowed on your corporate devices. Removing TikTok and other social media apps will strengthen your cybersecurity efforts, and mitigate the security risks associated with the platforms.
Create a Social Media Policy
In addition to limiting social media apps on company devices, business owners should also develop a clear social media policy to abide by. By providing employees with clear guidelines on social media usage, you are ensuring the safety and security of your business’ data and operations, as well as your brand and online reputation.
Educate employees
Employees are a company’s strongest asset and biggest risk when it comes to cybersecurity. One of the fastest way’s hackers attempt to access data is through phishing and social engineering attacks on your employees, and cybersecurity education is the best way to combat this.
A good approach to cybersecurity training is through a “group project” lens, and treating it as an educational experience for everyone. Many employees might not know what phishing or social engineering attacks are, so framing it as a learning opportunity will create a safe space for employees to ask questions and recognize that cybersecurity is everyone’s responsibility.
Create Good Cybersecurity and Social Media Habits
The use of technology and social media is a part of our everyday lives, which is why it is so important to implement guardrails for both. Not only will this safeguard your company’s data, but it will also protect you, your employees, and current and future clients from potential cybersecurity attacks.
At Blackhawk, we are all about helping our clients implement habits that will benefit them for years to come. Whether you are looking to instill financial or technology security habits, our bankers will help you find the best solution that meets your specific needs. To learn more about how Blackhawk Bank can help you, contact us today!
Author: 
Brian Mertens
VP Technology