IAITAM: “TikTok unnecessarily endangers phone data”
July 16, 2020
The nation of India, the US military, and banking giant Wells Fargo already have either banned TikTok app use altogether or at least on company mobile devices. Should your organisation follow suit and prohibit the popular app TikTok on company and even personal phones?
The International Association of IT Asset Managers (IAITAM) has now warned that allowing employees to use TikTok on any devices (including personal cell phones and tablets in a work-from-home context) with direct access to corporate data is “not consistent with maintaining data integrity.”
The TikTok app is taking the world by storm, with controversy brewing over whether the app’s open-ended permissions pose security risks for corporations, government agencies and other organisations particularly during a time when many employees are still working from home (WFH) due to Covid-19. Concerns about the Chinese-owned TikTok are reminiscent of earlier security worries about Fitbit and Pokémon Go. In 2016, IAITAM called on corporations to ban the installation and use of Pokémon Go on both corporate-owned, business-only (COBO) phones/tablets and “bring your own device” (BYOD) phones/tablets with direct access to sensitive corporate information and accounts. In 2019, IAITAM advocated against Microsoft’s policy decision to let end-users buy some of their own apps and licenses through Office 365, bringing up concerns over how businesses would track IT assets to ensure compliance. Due to such criticism, the technology giant reversed its decision.
The TikTok app has been found gathering data that includes the user’s clipboard history, location and GPS data, much like the Fitbit security breaches that the Department of Defense experienced in 2018, where fitness trackers used location data to map military bases while soldiers exercised.
Dr. Barbara Rembiesa, president and CEO of IAITAM, said: “The TikTok app unnecessarily endangers data in a way that any government agency or corporation should be concerned about. Combine that with the blending of corporate and personal assets due to work-from-home conditions for employees and you have a perfect storm for sensitive data to be placed into the wrong hands. As things stand today, allowing TikTok in or near your organisation’s environment is not consistent with maintaining data integrity.”
Rembiesa continued: “Acceptable data risk needs to be ascertained prior to downloading software and such software should be managed by an IT asset manager. The risk posed by the data permissions of TikTok does not meet data security best practices. Diligence and education on ITAM procedures are essential for businesses to implement smart digital policies and mitigate security risks.”