TikTok is a free social media app that lets you watch, create, and share videos with millions of users around the world. It is mainly used by 16-to-24-year-olds for sharing silly videos, and its inclusion in any conversation about national security may seem bizarre to some.
Officials in Washington have become increasingly concerned that the Chinese government could get access to information about Americans who use TikTok. The app is owned by ByteDance, a large and privately held internet company with headquarters in Beijing, which has reportedly offered to sell the American operations of TikTok. Microsoft is one of the companies that has stepped up with some interest.
The initial indication is that TikTok does not collect any more data than competitors such as Facebook and Google, who gather personal information for targeted advertising. In fact, it may collect less, given that users are uploading less personal information to the app than they do on other social media platforms. But many companies are taking the security threat seriously, asking their employees to delete the app because it has been proven to have the ability to view data in a mobile device’s clipboard.
Users discovered that TikTok was checking content from the clipboard on iOS devices every few keystrokes, even when the app was running in the background. TikTok was one of 53 apps that security researchers had previously flagged as regularly seeking clipboard access. TikTok claimed it was only checking the content to stop people from spamming the platform by copying and pasting the same content, and that it disabled the feature in an app update pushed out on June 27. That feature was also never enabled on Android devices.
While it’s concerning to learn that many apps have been accessing the mobile device clipboard without users’ knowledge, it’s important to remember that there are legitimate reasons for them to do so. Browser apps like Chrome search the clipboard for URLs, and the UPS app searches the clipboard for tracking numbers. But because most businesses do not use TikTok as a mission-critical app, there should be no harm in having it removed from work devices.
A business’s mobile device security protocols for (business or personal) devices are not always a popular topic of conversation with employees who want access to the virtual world and the latest trends, but they could be the most important safety tool you have. The use of apps like TikTok really only becomes problematic when there are no safeguards or policies in place.
Below you will find a list of 6 important safeguards to implement for business and personal devices that access the internet:
- Introduce a bring-your-own-device (BYOD) policy.
  The best safety policies should include three critical components: a software application for managing the devices connecting to the network, a written policy outlining the responsibilities of both the employer and the users, and an agreement that users must sign, acknowledging that they have read and understood the policy. You can email us to receive a free copy of our Mobile Device Policy template that you are welcome to adapt to suit your needs.
- Require the use of two-factor authentication on all critical and sensitive accounts and applications.
  Two-factor authentication requires the user to provide two pieces of information: a password and a verification code that’s automatically displayed on a trusted device or sent to an email or phone number. By entering the code, you’re verifying that you trust the device. Because your password alone is no longer enough to access your account, two-factor authentication greatly improves the security of your personal information.
- Check your application security settings.
  Check which apps have access to the phone’s hardware and data (mic, camera, location data, etc.), then turn off access where it is not needed or wanted. As with any app or online platform, it can be risky, and you need to be careful what you share. Everything you see, say, search and share is analyzed for any number of reasons that may not be safe or suitable to your organization.
- Minimize location access.
  The Location Services settings allow apps and websites to use information from mobile networks and Bluetooth to determine a user’s approximate location. When granting permission for location access, it is recommended to select “While Using the App” instead of “Always”, as it prevents an app running in the background from accessing a device’s location information.
- Always be suspicious of unsolicited calls, emails, or text messages.
  Attackers use a variety of methods to get users to download malware or reveal personal information. Be sure to look carefully at and verify any messages, calls, or emails from unknown senders before opening them or clicking on links. Double-check those that seem out of sorts, even if they look like they are from a trusted contact, when they ask for something a little bit out of the ordinary.
- Avoid connecting to unsecured Wi-Fi networks.
  Turn off the automatic Wi-Fi connection feature on your mobile devices. Users should refrain from connecting to public hotspots, as they are not secure, and connecting to them can expose the device to a multitude of risks. If connecting is necessary, avoid logging into sensitive accounts or financial services. Setting up a VPN is a better way to secure data while away from your own secure network.
Every day, your business depends on information technology (IT) to operate. Thank you for letting us be there for you. Braver Technology Solutions | wemakeitwork@bravertechnology.com