
A CISO’s perspective on a TikTok ban and what it means for enterprises



The federal government is considering an outright ban on the video-sharing app TikTok in the US, just weeks after the app was banned from all US government devices. Citing data privacy concerns stemming from TikTok’s parent company, Chinese company ByteDance, officials have made it clear they believe the app could be used to spy on Americans’ personal information and provide that data directly to the Chinese government, which is known for cyberattacks and theft of IP, trade secrets and other proprietary information from Western companies to further its own national security priorities.

Consider what to do with TikTok

But what about companies that use TikTok for marketing or employ one of the 150 million Americans who have the app? The answer, for now, lies in following basic security hygiene practices for all apps that collect data, not just TikTok.

The reality is that whatever TikTok’s affiliation with the Chinese government, it’s not the only app capable of actively manipulating user data. Snapchat, Google, and Meta all use user data to more accurately target ads and understand user behavior.

No company is immune to cyber breaches and data theft, so a lot of that highly private data could potentially be exposed by an adversary. TikTok collects data on a large scale due to its user base size and current popularity, but generally speaking, if you don’t pay for the app or service, it will use your data to make money.



Of course, the reason we – and Congress – are having this discussion now is that unlike all those social media companies, TikTok is owned by a foreign company affiliated with China. While we should be careful when using social media platforms regardless of who owns them, TikTok collects massive amounts of information from US consumers, and we don’t know what that data is used for or whether a foreign government has access to the data.

Is BYOD for you?

This is why companies that allow employees to bring their own devices into the office or to work on them – “BYOD” – should immediately reevaluate their policies. More specifically, they should make sure they are aware of the types of company information that employees have on their personal devices, and take the necessary steps to ensure that information is separated from the rest of the apps on those devices.

There are controls organizations can implement to ensure that sensitive business information is not being collected by any app, TikTok or not. But in general, employers can’t prohibit employees from downloading whatever app they want on a personal device. Organizations may have acceptable use policies (AUPs) that administratively require employees not to use social media, including TikTok, during work hours, but that is not a ban on having the app on the device. It also doesn’t prevent the app from collecting information, which it always does.

Technical solutions can be installed on personal devices to prevent apps from collecting sensitive work information, such as sensitive documents downloaded from email, but they must be set up, maintained and monitored. That can be expensive and time-consuming, and it requires an organization to already have good data handling practices in place, including classifying information and assets and understanding how that information is processed and used on employees’ personal devices. Security and business leaders need to understand exactly what information they need to protect in order to make better risk decisions about how that information is handled.

What about work phones?

The alternative route for companies concerned about TikTok’s data collection practices is to issue their own devices to employees, preloaded with security controls that prevent unknown or unauthorized applications from being downloaded. If the organization owns the device, they can control exactly what is allowed to be done and downloaded on the device to ensure proper security protocols are followed.

But issuing company equipment can also be expensive, and companies considering purchasing laptops or phones for employees must weigh convenience, business requirements, and information security risks.

The specific risks highlighted by the TikTok issue are not new, but have reached a new level of visibility thanks to the incredible popularity of the app. While Congress considers banning the app, corporate security leaders know that the vexing issue of data privacy and employee-owned devices doesn’t stop at TikTok, and finding new solutions will be imperative as the use of other data-collecting apps increases. There has never been a better time for these leaders to put security at the heart of their organization’s priorities.

Adam Marrè is Chief Information Security Officer at Arctic Wolf.
