By: Clay Miller, CTO, SyncDog
Unless you’re still in vacation-mode from the holiday season and haven’t been paying attention to cybersecurity news, you know that there are a lot of security discussions surrounding the Tik-Tok app. Owned by ByteDance, a Chinese-based company, Tik-Tok is a video-sharing social media platform popular amongst people aged 34 or younger in 155 countries. The tagline “Real People. Real Videos.” encapsulates the purpose of this user-generated content sharing system.
The Latest Threats Surrounding Tik-Tok
The average smartphone user doesn’t think twice before downloading a foreign-made app; however, time has proven this to be a mistake. On the cusp of the new year, the DoD advised U.S. military branches to bar military personnel from downloading and utilizing Tik-Tok on “government-issued smartphones” and discouraged its use on their personal phones due to the potential cyber threat from foreign actors. Just earlier this month, various vulnerabilities were found, one of which allowed hackers to gain control of some users’ accounts, unscrupulously edit content and reveal private contact information.
The Risk Goes Both Ways
There are a number of potential risks when using an adversarial country’s technology, especially when the country has a history of extensive state-sponsored intelligence-gathering tactics. This is not really even a China vs. U.S. risk; any state that uses technology sourced from an external entity assumes a higher risk of compromise than if its sources were local and trusted.
Who Should Avoid Tik-Tok
Tik-Tok could certainly be gathering data on its users, including location, timestamps, IP addresses, etc. This is especially true if an app is used on a military base or another sensitive location. Its data could be aggregated with other intel, resulting in a security risk. The U.S. military certainly has the authority to ban the application within its own ranks. Defense contractors could, and maybe should, also fall under this restriction.
Does Uninstalling Tik-Tok Eliminate Risks?
Uninstalling Tik-Tok is a singular action. It cannot be said that uninstalling Tik-Tok will guarantee the general security of a military employee’s data, but it can ensure that future data will not be exposed via interaction with Tik-Tok. This action must be taken as a broader security strategy across an entire organization that includes being able to remotely manage devices, enforce policies, ensure encrypted data storage and transport, etc.
Not using Tik-Tok may be a good idea, but it must be coupled with a larger security strategy, otherwise, it is just a drop in a very large bucket of potential vulnerabilities.
8 Ways to Avoid Data Breach on Personal Devices
- Being careful about the apps you install
- Controlling the permissions settings of those apps
- Ensuring data is stored and transferred using strong encryption
- Setting biometrics and lock codes on devices
- Choosing strong passwords
- Avoiding password reuse
- Ensuring their home routers have strong passwords
- Do not use the default admin passwords to manage that device
SyncDog’s Secure.Systems is an encrypted, containerized application that protects organizations’ data on employees’ personal work devices. Learn more about how Secure.Systems is a one-stop-shop solution to your mobile security and device management needs. You can also request a demo to give it a try!