Guest Post: TikTok Ban? Companies, Agencies Do Not Have Secure Data If Chinese App Allowed on Company, Personal Phones Says IAITAM

The nation of India, the U.S. military, and banking giant Wells Fargo already have either banned TikTok app use altogether or at least on company mobile devices. Should your organization follow suit and prohibit the popular app TikTok on company and even personal phones?  Today, the International Association of IT Asset Managers (IAITAM) warned that allowing employees to use TikTok on any devices (including personal cell phones and tablets in a work-from-home context) with direct access to corporate data is “not consistent with maintaining data integrity.”

The TikTok app is taking the world by storm, with controversy brewing over whether the app’s open-ended permissions pose security risks for corporations, government agencies and other organizations particularly during a time when many employees are still working from home (WFH) due to COVID-19.

Concerns about the Chinese-owned TikTok are reminiscent of earlier security worries about Fitbit and Pokémon Go. In 2016, IAITAM called on corporations to ban the installation and use of Pokémon Go on both corporate-owned, business-only (COBO) phones/tablets and “bring your own device” (BYOD) phones/tablets with direct access to sensitive corporate information and accounts. In 2019, IAITAM advocated against Microsoft’s policy decision to let end-users buy some of their own apps and licenses through Office 365, bringing up concerns over how businesses would track IT assets to ensure compliance. Due to such criticism, the technology giant reversed its decision.

The TikTok app has been found gathering data that includes the user’s clipboard history, location and GPS data, much like the Fitbit security breaches that the Department of Defense experienced in 2018, where fitness trackers used location data to map military bases while soldiers exercised.

Dr. Barbara Rembiesa, president and CEO of IAITAM, said: “The TikTok app unnecessarily endangers data in a way that any government agency or corporation should be concerned about. Combine that with the blending of corporate and personal assets due to work-from-home conditions for employees and you have a perfect storm for sensitive data to be placed into the wrong hands.  As things stand today, allowing TikTok in or near your organization’s environment is not consistent with maintaining data integrity.”

Rembiesa continued: “Acceptable data risk needs to be ascertained prior to downloading software and such software should be managed by an IT asset manager. The risk posed by the data permissions of TikTok does not meet data security best practices.  Diligence and education on ITAM procedures are essential for businesses to implement smart digital policies and mitigate security risks.”

Since March, IAITAM has been at the forefront of work-from-home data concerns during the COVID-19 pandemic, issuing multiple warnings on “nightmare data risks”tech headaches and challenges associated with transitioning to work from home.   

Following ITAM best practices is a roadmap for organizations to protect and get the most out of their IT assets. IAITAM offers courses and training opportunities throughout the year for agencies and businesses seeking to strengthen their cybersecurity and IT asset management.
 

One Response to “Guest Post: TikTok Ban? Companies, Agencies Do Not Have Secure Data If Chinese App Allowed on Company, Personal Phones Says IAITAM”

  1. […] really shouldn’t be a discussion as it is clear that it slurps up data like a vacuum cleaner. The International Association of IT Asset Managers (IAITAM) has warned that this is a risk for comp… and companies like Wells Fargo have banned it from devices that their employees devices. And you […]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: