
Bart Holzer
This publication recently spoke to Bart Holzer, chief information security officer at Affinity Technology Partners, about the risks governments and businesses may face, particularly as they relate to TikTok.
Does TikTok really pose a security risk to businesses?
Any application or service used by employees that is not controlled or monitored by the organization is a security risk. TikTok is just one of many social media apps that allow users to be tracked and recorded. Allowing such applications to be installed on corporate devices introduces unnecessary risk to the organization. The risks are relative: Enterprises with valuable intellectual property have a much higher risk with unmanaged applications.
The application-as-enterprise security risk underscores the need for organizations to determine their BYOD policies. “Bring your own device” means that employees use a personal computer or, more commonly, a mobile phone to do work. There are security technologies that allow organizations to limit exposure to BYOD — removing work profiles from phones when employees retire is one example. But having full control over the phone means that the device is the property of the organization and is given to employees. There are hardware costs and subscription fees involved in purchasing phones for employees, but enterprise businesses need to assess the risks and make business decisions to elevate their security posture to that level. As a start, small and medium-sized companies should consider creating a BYOD program and providing executives with corporate phones.
Why are Tennessee businesses targeted for social media-related attacks compared to government entities?
Social media poses a threat to businesses as it provides a direct link between employees and cyber criminals. An effective tool in a cybercriminal’s toolkit, social media is used to prepare for social engineering fraud and compromise of business accounts. Once a business account is hijacked, other criminal activity can occur, whether it’s stealing intellectual property, moving funds, or using compromised accounts to target more victims. Small and mid-sized companies should realize their value to criminals both monetarily and as part of a larger supply chain – sometimes ultimately targeting the original victim’s customers.
How should individuals assess their own risks associated with TikTok or other social media?
Personal safety should be considered when evaluating social media applications and services, which should include personal safety and the safety of family members, especially minor children. Social media can reveal personal information that can be collated into broad profiles of an individual or family, including lifestyle patterns, wealth status, and security. Think about the information you post online. Does it show when you are on vacation? Does your post show what your house looks like, what neighborhood you live in, where your kids go to school, etc.? Do the apps you use tend to protect or share this kind of information by default?
Should other government entities (such as big cities like Nashville) enact TikTok bans like those several states have enacted, or is this more of a PR move?
In short, the announcement to ban TikTok at the state, county or city level is a PR stunt. All organizations should have a social media usage policy that includes a list of approved apps, or conversely, a list of excluded apps. Adding a social media application to an organization’s policies is not worthy of media attention. Banning TikTok has become a way for some politicians to draw attention to it, given its popularity among its 1 billion users and its alleged ties to the communist regime. In Tennessee, TikTok was added to the list of restricted apps…until now, none of these apps got media coverage. Should Nashville ban TikTok on city-owned devices? That’s the question the city’s CIO and CISO have to answer as leaders of Metro’s information security management program.