Should we be deleting TikTok from company mobile devices?

In recent weeks, concerns have arisen around the popular and successful app, TikTok, and whether it could be a threat to businesses. The app has undoubtedly become a cause of concern for businesses, including the BBC who has urged its staff to delete the Chinese-owned app from corporate mobile phones. Staff from the BBC were guided on Sunday - “If you do not need TikTok for business reasons, it should be deleted.”

This follows bans on company devices by the US government, Australian government, UK government, the European Parliament, European Commission, the EU Council and even the US state of Montana. So, as businesses, should we be following in their footsteps and banning TikTok from corporate mobile devices used by employees?

Why the ban?

The cause for concern stems from the UK government after they decided to ban the app on government-issued phones. This is because the Chinese government has been accused of accessing sensitive data via the ownership of this app, ByteDance. The Cabinet Office explained: “The ban comes after Cabinet Office ministers ordered a security review. This looked at the potential vulnerability of government data from social media apps on devices and risks around how sensitive information could be accessed and used by some platforms.”

They also mention that the decision was aligned with a similar restriction which was brought to light by international partners, including the US and Canadian governments, as well as the European Commission. So, as innocent as the entertaining and comical app may seem, perhaps there are real issues that pose a threat to security and privacy.

Do I need to be concerned about TikTok?

TikTok requires users to give their permission for the app to gain access to data on the account, which is then collected and stored by the company. Therefore, this allows the app owner to access data on the device, including corporate data like contacts, user content and increasingly worrying geolocation data.

Whilst most social media apps, like Instagram, Facebook and Snapchat, include similar terms, the main concern for TikTok is that it is owned by the Chinese. Therefore, not only are there worries for governments over data use, there are also claims the Chinese could be using the app to promote and circulate pro-Chinese views. That said, TikTok executives have said the company has not promoted or censored videos to satisfy Chinese government requests, but it’s not something that can be dismissed lightly.

Do businesses need to ban TikTok?

So, with the UK government advising that TikTok should be banned, let’s talk about businesses. For businesses, particularly SMEs, imposing a ban won’t be necessary. This is because TikTok is an important marketing channel for them as they are able to directly communicate with their target customers. It’s an incredibly cost effective way to promote their product and services. Switching marketing strategies may not be as successful due to the transparent and authentic nature that TikTok creates. So, for smaller businesses especially, this may not be an option.

But if the BBC are advocating a ban, surely other businesses should follow? Well, not necessarily. Like governments, the BBC service is global and often handles extremely sensitive data which could potentially be at risk.

However, just because you don’t necessarily need to ban TikTok from corporate devices, it doesn’t mean you can be careless about mobile device security – you can’t.

Tips to securing corporate mobile devices

Corporate mobile devices issued to staff often hold confidential company data. If it’s not stored on the device directly, it is used to access company systems, like directories and databases. Also, with social media being such a crucial marketing channel for many companies, most will have the main social apps uploaded, including TikTok.?

Therefore, for all businesses, but particularly larger organisations, it is vital your corporate mobile device security is to a high standard. Here are our top tips for mobile device security.?

1. Always use strong passwords/biometrics. Strong passwords and biometrics, like face ID and fingerprint make it almost impossible for someone to access your device. For businesses, it’s a good option to create passwords for your staff using a password generator and change them every three months. Consider using multi-factor (two-factor) authentication for certain apps, like social media, or websites adds an extra layer of security.?

2. Use the encryption feature on devices. There are very few mobile devices these days that don’t have encryption features built-in. However, most aren’t enabled. Whilst encrypting data on the mobile device may add a little extra time to the process, it does add to the security of the data. But if using the encryption feature, always make sure the device is backed up as some mobile devices will automatically delete all the data if the wrong encryption password is entered multiple times.?

3. Install antivirus software. We do it on our computers and laptops so why not our mobile devices. Antivirus software will protect against malicious malware when downloading files and installing apps. In addition, some software adds extra features including erasing data if the device is lost, tracking and blocking unknown callers, and advising on unsafe applications.?

4. Always implement software updates immediately. Whether this is your operating system updates or corporate software updates, make sure they are implemented straight away. Mobile device and other firmware companies issue updates on a regular basis and they often include security patches to known vulnerabilities.?

5. Back up devices. Try as you might, things happen where you may lose your data or your device. Back up your mobile devices every day to ensure you have a copy should you need to restore the data.

6. Educate your staff. This tip should probably be at the top of the list rather than the bottom. Whilst you can install the latest antivirus software, issue the most secure passwords and stay on top of the latest updates, there’s no way you can avoid human error without educating your staff. From recognizing phishing emails and avoiding downloading apps or files from unverified sources, to not using autofill, logging out of applications when finished and certainly not providing personal information to unconfirmed people or sites, the more aware your staff are about security and their mobile devices, the lower the risk.

At Auxato, we understand the importance of keeping businesses safe and protected. We make sure our security measures are of a high standard so you can be confident that any data transferred via mobile devices, across social media channels or any other means is always safe.

Discover our professional recruitment services and the latest PR, communications and marketing jobs in the UK.