What’s the Deal with TikTok?


I have been asked recently, what is behind all the TikTok hate? Why are we seeing actions from governments around the world to block it? Should I be concerned? The simple answer is, probably. Do most apps collect more data than they need and work to monetize it, and you? You bet. So why is TikTok getting so much attention? It has one of the worst terms of service ever seen, going significantly further than those of most popular apps. When that is combined with the ownership of the data being a nation state with a track record of surveillance in North America and Europe, it’s a cause for deep concern.

Firstly, the app collects a lot of data. A ton of data. Obscene amounts of personal data. GPS and location data, device information, browsing history, and even biometric data. What else? When you sign up, you agree to allow TikTok to share this data with anyone they want. Did you know you agreed to giving away all that data on your device to be sold, shared and distributed?

But wait, it gets better. Those very same terms of service include wide, overreaching authority and rights to user-generated content – your content – and all of it. This allows the company to use and distribute videos, pictures, and any other content without your consent or compensation. Copyright infringement? You don’t have a leg to stand on. All that hard work making great videos and content? That isn’t your content anymore once it’s been published. It now belongs to TikTok; you have given away your rights to the digital content.

It couldn’t get worse, could it? It gets worse. Lastly, that wonderful contract you signed also included a waiver stating that you are not allowed to participate in any class-action legal proceedings against the firm. That means that for any malicious usage (that you didn’t already agree to), you will have to go after the company in arbitration and cannot use the court system. Good luck. All that is crazy, right? Nope, you agreed to it.

Here is another thought: do any employees in your organization have the app installed on their device? TikTok is not the only application with concerning terms of service and data usage, but it may be the most concerning.

So, what can you do? All organizations should consider implementing policies that restrict the use of certain apps or devices, particularly those that collect significant data. Doing so will minimize the risk of data breaches or leaks. This is especially important for companies that handle sensitive information or have strict compliance requirements. Have simple standards and policies around corporate device usage at your organization that define clear guidelines and best practices for users to protect themselves from apps with excessive data collection. This doesn’t just mitigate risk from social media apps; it can reduce significant amounts of cyber risk. Period.

All organizations can leverage these media events to highlight their own security posture with regard to technology risk, operational outages, and cyberattacks. The good news? Setting clear standards and promoting buy-in to adhere to them is a very efficient and effective way to protect your critical assets.

– Rob Stewart, White Tuque Founder & CEO


Robert D. Stewart

Founder & Head, Strategic Threat Intelligence

Robert is a technology incident and crisis management specialist with over 3200 hours leading critical recoveries and investigations within regulated industries.

Robert has built cyber incident and global crisis processes for the Fusion Centres of two major North American banks. With an extensive focus on operational resiliency, Robert worked as a Global Crisis Management Specialist, leading the technical migration for the pandemic for a multi-national financial institution.

Robert is a threat intelligence specialist focused on preventing large-scale incidents and attacks before they happen, with unparalleled experience in incident response: 650 critical incidents within the global financial sector leading to the recovery of over 250 unique global financial systems, with 6000 executive communications and briefings issued, and over 200 post-incident reviews.