Protecting Your Company from TikTok

Much has been said about TikTok and its cybersecurity concerns over the past couple of weeks. As mentioned in last week’s blog post, the United States, along with several other countries, is forcing teens all over the world to panic as it mulls over the idea of outright banning the popular social media platform in hopes of preventing the Chinese government from potentially accessing user data.

Rather than wait for the White House to make the call, some big-name companies and organizations have already taken measures to protect their own user data by preventing their employees from using TikTok. 

The US Army and Navy (and Marines) banned TikTok from government-issued mobile devices in December 2019, blocking it from the Navy Marine Corps Intranet. The Air Force, Coast Guard, and Marine Corps all later followed suit. No word on Space Force yet, but they’re probably super busy filming Season 2 right now.

Wells Fargo told its employees to uninstall TikTok from company devices last week. Amazon briefly asked its employees to delete TikTok from any mobile device that also had access to company email accounts, but later retracted the request.

Here’s where you come in. 

All of this may force you to wonder whether it’s time for your company to make the potentially necessary, but likely unpopular decision of banning the use of TikTok or other concerning applications from corporate devices in the name of safeguarding company data. 

It’s a somewhat Orwellian, but not totally unfamiliar concept belonging to the corporate world. Company-issued mobile devices often come with rules, many of which dictate what you can and cannot have installed on the device. Monitoring mobile devices can become even more vital for companies that employ BYOD policies (sorry, dog lovers, that stands for bring your own device). Allowing employees to use personal devices often means they’ll be using those devices to connect to corporate networks and/or store/access sensitive corporate data. 

You can accomplish this in one of two ways: 

  1. Asking your employees, in the most polite and assertive way possible, to remove the popular, yet controversial social media app from their devices.

  2. Employing mobile device/application management.

It’s worth noting that upfront costs on Option No. 1 are far lower. It may not always lead to a 100% success rate, though, which could lead to some expensive fixes down the road. People are, after all, sometimes the worst.

Option No. 2 can be expensive, but it’s realistically the only way to ensure that all mobile devices within your network are playing by the rules. 

Mobile device management (or MDM for the acronym enthusiasts) is designed to allow your IT department to monitor, manage, and secure your employees’ mobile devices. That means you can dictate what applications (like TikTok) need to be blacklisted for security purposes. 

Let us be clear in stating that adopting MDM is a far easier task for those who offer company-owned mobile devices. For obvious reasons. 

Other companies, however, simply don’t have that kind of cash, forcing them to take a different approach. 

BYOD companies often employ a similar security measure known as mobile application management (of course, another acronym: MAM). Much like its name implies, MAM is designed for companies that want to safeguard certain applications on a device without managing the device itself. 

MAM services will often sandbox all the applications you use to access work-related data and encrypt that information so that it’s virtually unreadable by any other application outside of those bounds (like TikTok!). Some services will also boost security by limiting certain functions within those apps, like sharing documents, taking screenshots, and copying information. MAM effectively serves as an All-Pro First-Team stiff arm to TikTok’s constant attacks.

It’s worth noting that caveats do exist with many of these services, so throw on your reading glasses and take a look at the fine print before signing on the dotted line. 

MDM is also available for employee-owned devices, but it’s understandable why some of your people may be reluctant to give up what appears to be complete access to a device that contains a remarkable amount of personal data. 

MDM permissions can obviously change from company to company. You don’t need to take full access if you don’t need it, but it’s obviously important to communicate that message to your employees. Be transparent. Nobody enjoys feeling like they’re always being watched, especially if they’re the ones footing the bill for the device itself.  

But this goes beyond simply approving mobile applications. Here’s a quick rundown of what else may be offered:   

App passcode requirements

You’ll need to punch in a passcode or password every time you try to access sandboxed applications. And don’t worry, some MDM/MAM services allow you to utilize the device’s built-in biometric authentication (e.g. Face ID, Touch ID, fingerprint scanning) for easier, but still secure access. 

Define auto-lock settings

That thing we said about people sometimes being the worst? Here’s an example. 

A phone’s security features (like device and app passcodes) are only effective if intruders remain on the outside looking in. But if the intended user unlocks the phone, accesses the app, and somehow forgets to lock the device before setting it down and walking away? Big problem. 

MDM/MAM will try to mitigate that as best as possible, defining how long the device may sit idle before being locked. 

Pushing apps onto the device

We’ve all heard the excuses. 

“I can’t find it on the app store.”

“What’s an app store?”

“What’s an app?” 

Bypass human error and use MDM/MAM to automatically push the necessary applications and updates onto your employees’ devices.

Remotely reset passcodes, wipe devices, or lock devices 

Tens of millions of smartphones are lost or stolen every year. Most of those phones are never recovered. 

That makes it all the more important that your company has the ability to remotely wipe the data from your employees’ lost mobile devices. Whether it be the device’s or application’s data, you’ll be able to rest a bit easier knowing your company’s information isn’t at risk.  
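To make the rundown concrete, here is a small added example (not code from any MDM/MAM product) of the kind of compliance check these services run: it flags blocklisted apps, missing passcodes, and lax auto-lock settings, then scopes the response to company-owned devices (MDM) versus BYOD (MAM). The policy values, the app identifier, and the inventory records are all constructed, and treating a blocklisted app on a BYOD phone as grounds to cut off work apps is an assumed policy choice.

```python
# Added example: constructed policy and inventory, not tied to any MDM/MAM product.
from dataclasses import dataclass

POLICY = {
    "blocked_apps": {"example.tiktok"},  # placeholder identifier, not a real bundle ID
    "require_passcode": True,
    "max_idle_seconds": 300,             # assumed auto-lock limit
}

@dataclass
class Device:
    owner: str
    company_owned: bool      # True -> MDM (whole device), False -> BYOD under MAM
    installed_apps: set
    passcode_set: bool
    auto_lock_seconds: int   # 0 means auto-lock is disabled
    reported_lost: bool = False

def violations(dev, policy=POLICY):
    """Return the list of policy rules this device currently breaks."""
    found = [f"blocked app installed: {app}"
             for app in sorted(dev.installed_apps & policy["blocked_apps"])]
    if policy["require_passcode"] and not dev.passcode_set:
        found.append("no passcode")
    if dev.auto_lock_seconds == 0 or dev.auto_lock_seconds > policy["max_idle_seconds"]:
        found.append("auto-lock too long or disabled")
    return found

def action(dev, policy=POLICY):
    """Pick a response scoped to what the company actually manages."""
    if dev.reported_lost:
        # Company-owned: wipe the device. BYOD: wipe only the managed app data.
        return "wipe device" if dev.company_owned else "wipe managed app data"
    if not violations(dev, policy):
        return "compliant"
    # MDM can enforce on the device itself; MAM can only gate the work apps.
    return "enforce on device" if dev.company_owned else "block access to work apps"

INVENTORY = [  # constructed sample records
    Device("alice", True, {"mail", "example.tiktok"}, True, 120),
    Device("bob", False, {"mail"}, False, 0),
    Device("carol", False, {"mail"}, True, 60, reported_lost=True),
    Device("dave", True, {"mail"}, True, 300),
]

def report(inventory=INVENTORY):
    return {d.owner: (action(d), violations(d)) for d in inventory}

if __name__ == "__main__":
    for owner, (act, why) in report().items():
        print(f"{owner:6} {act:26} {'; '.join(why)}")
```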

Are you dealing with sensitive data on mobile devices? Maybe it’s time for you to look at your available security options.