It appears as if the UK is following in the steps of the European unions ban on TikTok on government devices. Risk assessments need to be undertaken and any apps which pose a threat to the government should be removed. However, there is a lack of transparency in these efforts and no real indication is given as to the actual data which is collected by TikTok and who it is shared with and for which purposes. If we were to apply this principle to other social media sites, and mobile apps in general, then many of the apps would not pass this bar. If there is a political risk, then this should be stated so that others can make informed risk decisions too, rather than using the blanket term that is being done for cybersecurity reasons – because most apps will collect data and transmit it to third parties.
Tom Davison, Senior Director Engineering International at Lookout:
“The National Cyber Security Centre publishes advice on drafting and implementing ‘Bring Your Own Device’ and ‘Acceptable Use’ policies so why they don’t have any for Government staff is unclear. Most Social Media platforms gather vast amounts of data that users would rather they didn’t, but personal choice allows individuals to trade their privacy for functionality. They really shouldn’t be allowed to apply the same approach whilst they are engaged in Government business at any level. We’re clearly jumping on the Bad-TikTok bandwagon here but a more useful exercise would be to review and restrict Social Media access across the estate.”
Just a decade ago, the notion of corporate managers and government officials possessing smart mobile devices that could instantly access work information was a novelty. Today, these devices are ubiquitous, internet speeds have vastly improved, enabling individuals to consume copious amounts of high-quality content at the click of a finger.However, with this heightened connectivity, communication, and entertainment, there is the possibility of malicious actors exploiting device vulnerabilities and gathering sensitive data. This sometimes very personal data can then be on-sold to the highest bidder creating a risk factor for companies and government agencies where (potentially compromised) individual contributors are handling sensitive trade or state secrets and may now be vulnerable to blackmail.It is therefore imperative that companies and government agencies prioritise their security measures, safeguarding their employees and enterprises from potential threats.