
A CISO’s perspective on a TikTok ban and what it means for enterprises 

by WeeklyAINews


The federal government is considering pushing an outright ban on the video-sharing app TikTok across the U.S., just weeks after banning the app from all U.S. government devices. Citing data privacy concerns stemming from TikTok’s parent company, the Chinese firm ByteDance, officials have made it clear that they believe the app could be used to spy on Americans’ personal information and send that data directly to the Chinese government, which is known for cyber-theft of IP, trade secrets and other proprietary information from Western companies to advance its own national security priorities.

Considering what to do about TikTok

But for businesses that use TikTok for marketing or employ any of the 150 million Americans who have the app, what’s to be done? The answer, for now, lies in following basic security hygiene practices for all data-collecting apps, not just TikTok.

The reality is that no matter what TikTok’s affiliation with the Chinese government is, it’s not the only app that’s capable of actively farming user data. Snapchat, Google and Meta all take advantage of user data to more granularly target ads and understand user behavior.

No company is immune to cyber-breaches and data theft, and much of that highly personal data can potentially be exposed by an adversary. TikTok does data collection on a large scale because of the size of its user base and current popularity, but generally, if you’re not paying for the app or service, it’s using your data to make money.


Of course, the reason we — and Congress — are having this discussion right now is that, unlike any of those social media companies, TikTok is owned by a foreign company affiliated with China. Although we should be careful when using social media platforms, no matter who owns them, TikTok is collecting massive amounts of data from American users, and we don’t know what that data is being used for or if a foreign government has access to the data.

Is BYOD right for you?

This is why enterprises that allow employees to bring their own devices into the office or conduct work on them — “BYOD” — should immediately reevaluate their policies. More specifically, they should make sure that they’re aware of the types of company information employees have on their personal devices, and take the necessary measures to ensure that information is separated from the rest of the apps on those devices.

There are controls that organizations can implement to ensure that sensitive company information isn’t being collected by any type of app, TikTok or not. But generally, employers can’t issue an outright ban on employees downloading whatever app they’d like onto a personal device. Organizations can have acceptable use policies (AUPs) that administratively require employees not to use social media, including TikTok, while on company time, but that isn’t a ban on having the app on the device. It also doesn’t prevent the app from collecting information, which it does all the time.


Technical solutions that can be installed on personal devices to prevent sensitive work information from being collected by apps, or, for example, to prevent sensitive documents from being downloaded from email, must be set up, maintained and monitored. That can be expensive and time-consuming, and it requires an organization to have good data handling practices in place already, including classifying information and assets and having visibility into how that information is processed and used on employees’ personal devices. Enterprise security leaders should understand exactly what information they need to protect to make better risk decisions about how that information is handled.

What about work phones?

The alternative route for enterprises concerned about TikTok’s data collection practices is to issue their own devices to employees, pre-loaded with security controls that prevent unknown or unauthorized applications from being downloaded. If the organization owns the device, it can control exactly what is allowed to be done and downloaded onto the device to ensure proper security protocols are being followed.

But issuing company devices can also be expensive, and enterprises considering the option to purchase laptops or phones for employees must weigh convenience, business imperatives and information security risk.

The specific risks highlighted by the TikTok issue are not new but have reached a new level of visibility due to the app’s incredible popularity. While Congress deliberates on banning the app, enterprise security leaders know that the tricky issue of data privacy and employee property doesn’t end with TikTok, and finding new solutions will be critical as other data-collecting apps rise in usage. There’s never been a better time for these leaders to bring security to the front and center of their organizations’ priorities.


Adam Marrè is Chief Information Security Officer at Arctic Wolf.
