Cyber security fears | Is it time to ban TikTok from your company devices?

Is it time to ban TikTok from your company devices?

The BBC has followed the UK Government by urging staff to delete TikTok from their work devices, amid growing privacy and security concerns about the app.

In recent weeks, fears have grown that the app could harvest data from corporate phones and share it with the Chinese government. The popular social media platform’s parent company, ByteDance, is based in Beijing, and in 2021, China's government acquired a one per cent stake and one of three seats on the board of the firm.

TikTok says the bans are based on "fundamental misconceptions”, but the concerns have been substantial enough for the national broadcaster to prohibit its use on business phones. BBC staff will still be permitted to have the app on their personal device and are allowed to keep it on their work phones if it is necessary for their jobs.

In an email to staff, the national broadcaster said: "The decision is based on concerns raised by government authorities worldwide regarding data privacy and security.

Read more from us

"If the device is a BBC corporate device, and you do not need TikTok for business reasons, TikTok should be deleted from the BBC corporate mobile device."

The UK Government had also recently outlawed the app on work phones, and government officials have also been banned from having the app on their work phones in the US, Canada, New Zealand and Belgium.

These TikTok bans are putting many businesses and public bodies at something of a crossroads. On one hand is the risk of not capitalising on a huge social media presence that the app can bring – one of the BBC’s several TikTok accounts, for example, has more than four million followers.

On the other hand, however, are concerns about security breaches, and these fears are not entirely unfounded. ByteDance employees were found to have tracked the locations of a handful of journalists in 2022 – though the company says these workers were fired.

Trends Report 2023/24<br>Redefining Talent Retention, DE&I, and Leadership in 2024

Trends Report 2023/24
Redefining Talent Retention, DE&I, and Leadership in 2024

The last few years have been challenging for HR professionals to say the least, and 2024 isn't going to be a year which lets up!

Advanced's Annual Trends report (in which we asked over 500 real HR leaders about their challenges and priorities) reveals what big tests you and your people can expect to face into 2024, and has delivered a resounding warning: the people management landscape continues to rapidly shift, and people teams continue to face an uphill battle to power performance and retain their best people. Delivering a first-class people experience is going to be harder than ever if skills and talent gaps can't be addressed.

Our 8th Annual Trends Report is here to help you anticipate of all the key challenges that continue to affect business and HR leaders, and the people that drive your working world. We shine a light on the dominant trends you need to be aware of in 2024, as well as offer key practical takeaways to help you power business performance and make 2024 a success.

Read our report to stay ahead of:

  • How to attract and retain your best talent

  • The skills shortages affecting people teams

  • Technological barriers to delivering a truly great people experience

  • The continuing role Diversity, Equality and Inclusion plays in powering business success

  • How Environmental, Social and Governance matters are taking centre stage when it comes to employee experience

  • What good leadership looks like in 2024

Show more
Show less

Elsewhere, the company is set to testify in front the US Congress, in the face of growing calls for the short video app to be banned across America.

The Committee on Foreign Investment in the United States (CFIUS), a powerful national security body, had unanimously recommended in 2020 that ByteDance divest TikTok. The video app has spent more than two years in talks with CFIUS seeking to reach an agreement on protecting U.S. user data.

So, should you be monitoring this situation, and checking if TikTok is installed on any of your workforce’s corporate devices? The data suggests so.

Check Point Software recently conducted research which found that nearly half of all companies (46%) experienced a security incident in which an employee downloaded a malicious mobile application, making security risks a huge cost.

Mobiles are ‘an area of weakness for most businesses’

Muhammad Yahya Patel, Security Engineer at Check Point Software, said: “The decision to ban TikTok on civil servants’ devices is unsurprising and opens up a wider conversation around data privacy. Social media apps collect a significant amount of sensitive data, and if breached can act as a gateway to access wider enterprise networks.

“Unfortunately, mobile devices continue to be an area of weakness for most businesses with many having no strategies or technologies in place to protect against these security threats. I think part of this is because the lines are blurred when it comes to our phones when we use them both personally and professionally. But the threat landscape is evolving rapidly, and there is a need to make sure all devices are compliant with relevant policies that control what apps may pose a security risk.

“This ban should act as a reminder for all businesses that mobile devices are an often-forgotten attack vector and that now is the time to use a prevention-first approach against the newest threats.”

Not just TikTok that poses a threat

Jim Moore, employee relations expert at HR consultants Hamilton Nash, explained that, while the concerns over TikTok are justified and not just rooted in paranoia, any workplace security reviews should factor in all social media apps.

“TikTok has become so successful because it tailors everyone’s feed to their own personal preferences – and it does that by collecting stacks of data about our interests, political leanings and more intrusive information,” said Moore.

From our content partner

“More worryingly, it also grabs location information, browser history, biometric data and even keystroke patterns, all of which should send chills down the spine of any business owner," he explains.

“TikTok’s owner Bytedance is obliged to share information with the Chinese government, so security fears and concerns over corporate espionage are not paranoia. Employers should already have a policy covering the use of personal devices and social media, and these should be reviewed to tighten up any restrictions over apps like TikTok.

“These rules should specifically and clearly forbid the installation of TikTok on company-provided devices. Although TikTok is getting attention due to the concern over Chinese access to data, any app could theoretically pose a threat. Any tightening up of policies should probably cover all apps and devices, not just TikTok," More concludes.

Likely ‘no security issues’ for ordinary firms

However, Michelle Stark, Sales and Marketing Director at Fasthosts, feels it is unnecessary for most firms to impose a TikTok ban, unless handling ‘extremely sensitive data’.

“The big reason that the BBC and the government are asking this of staff is the concern that TikTok may be used by the Chinese government to effectively ‘spy’ on its users, a claim which the company has vehemently denied,” said Stark.

“Despite this, we’ve seen the US and Canada ban the app from all government devices, causing a knock-on effect here in the UK. Whether or not these fears are unfounded remains to be seen, but the UK’s knee-jerk reaction is very much one of ‘better safe than sorry’ as they clearly share the same security concerns as these other bodies.”

“I don’t think there’s much merit in other workplaces following suit, unless you’re a business handling extremely sensitive data. Even then, you’re unlikely to have TikTok on work devices. The BBC and the government have taken this step as they are two of the most likely targets for any kind of cyber warfare involving information gathering. So for most businesses who are unlikely to be the targets of international spying operations there’s likely no security issue.”

You are currently previewing this article.

This is the last preview available to you for 30 days.

To access more news, features, columns and opinions every day, create a free myGrapevine account.