While social media can be a powerful marketing tool, it is not risk free.
TikTok is the latest in a long line of social media platforms to draw negative press and government censure. Many organisations have chosen to ban TikTok from their devices over national security and privacy concerns, but the issues are not limited to TikTok, and there are several problems related to social media platforms that might give you reason to limit or ban their use.
What are the main risks?
Privacy: while this is mainly a concern for individuals, in a business context this is about control of content, protection of image, and consistent messaging.
Data protection and copyright: As above, apps can sometimes gain access to data they shouldn’t have. In some cases, they can assert rights to content posted through their service.
Reuse of personal information: Many of these apps do not have a glowing record in managing your data, often selling it to the highest bidder in secret.
Mental health, addiction, abusive behaviour: mental health and staff wellbeing are major concerns for organisations, and restricting or eliminating social media tools from the workplace can help keep your staff safe.
Potential legal impacts: defamation and similar legal action is a real risk.
The current furore around TikTok relates to national security and the parent company’s close relationship with the Chinese government, but it’s worth noting that the potential techniques an app like TikTok can deploy against your people and systems apply just as much to Twitter, Facebook, and to third parties who purchase access to your metadata.
In 2020, it was reported that TikTok was accessing the clipboard[1] on Apple’s iOS devices, an activity exposed by a security feature in iOS 14. It was soon uncovered that a vast number of other apps were doing the exact same thing[2].
Facebook were caught out when the Cambridge Analytica data harvest was revealed, and the New York Times reported on various other companies they had shared user data with, which Facebook defended [3] and for a time actively denied.
Nor does Twitter get a free pass, as can be seen in this list of data breaches [4] and issues going back to 2009. In recent times, many users have seen cause to abandon Twitter for alternatives like Mastodon.
The professional networking site, LinkedIn, experienced a data “exposure” in 2021 due to a “violation” of their terms of service where 92% of users’ data was scraped and made available on the dark web.
What can be done?
Your employees need to understand the risk, to themselves and to the business. User education on social media, phishing, and other social engineering threats is a great way to protect your people and your company from major risk. Many call this the “human firewall”.
If you provide your staff with a managed device, you may be able to:
- Prevent installation altogether.
- Limit access to business data on the device.
If your staff bring their own devices, your options are more limited, but you could:
- Introduce a policy (or extend your existing AUP) banning the use of apps at work.
- Include a note that social media use is at the user’s own discretion and risk, noting that their personal information may be accessed, used, and shared by (TikTok or other social media) and, under some circumstances, provided to a foreign government or other entity.
- Use network policies to limit or prevent access.
Need help?
Our team can assist with all the above tasks. Reach out today to help protect your business and your staff.
[1] https://www.theverge.com/2020/6/26/21304228/tiktok-security-ios-clipboard-access-ios14-beta-feature
[2] https://www.techradar.com/news/its-not-just-tiktok-another-53-ios-apps-will-snatch-your-clipboard-data
[3] https://www.nytimes.com/2018/12/18/technology/facebook-privacy.html
[4] https://firewalltimes.com/twitter-data-breach-timeline/