TikTok’s Security Risks: Should Your Business Block the App

TikTok has quickly become one of the most popular social media platforms in the world, with over one billion active users. Its unique algorithm and highly engaging content have made it a favorite among younger generations, who use it for entertainment and to connect with others. However, the app’s popularity has also led to a number of concerns about its security and privacy practices.


For organizations, these security risks are particularly concerning. Companies have a responsibility to protect their sensitive data and ensure the safety of their employees, and allowing access to TikTok on company devices or networks could put both at risk. Employees may unknowingly provide access to confidential company information or be exposed to malware and other security threats through the app.


As a result, many organizations have started to question whether they should allow employees to access TikTok on company devices or networks. Some have even gone so far as to block the app entirely, in order to protect their security and reputation. While this may seem like a drastic step, it is one that many companies and organizations feel is necessary in order to safeguard their sensitive data and ensure the safety of their employees.

TikTok Faces Scrutiny in Congressional Hearing

During a recent congressional hearing, TikTok’s CEO, Shou Zi Chew, faced intense questioning from U.S. lawmakers over the app’s ties to China and the potential security risks posed to American users’ data. The hearing comes as the Biden Administration threatens to ban the app in the U.S. if its Chinese parent company, ByteDance, does not sell its stake in TikTok to an American company. 


With 150 million U.S. users, TikTok has become a contentious issue in the U.S.-China rivalry. Concerns about Americans’ data being accessed by the Chinese state, which could pose a national security risk, have fueled the controversy. TikTok has denied accusations of close ties to the Chinese Communist Party and asserts that sensitive user data is kept on U.S. soil and subject to U.S. government audits. Despite these efforts, lawmakers from both sides of the aisle have condemned the app, expressing concern that the Chinese state could use TikTok to covertly influence the American public.


The congressional hearing was expected to focus primarily on national security, but multiple lawmakers also expressed concerns about TikTok’s impact on children. Representative Frank Pallone, a Democrat from New Jersey, highlighted research showing that TikTok’s algorithms recommend videos that create and worsen emotional distress among teens, including videos promoting suicide, self-harm, and eating disorders. Representative Gus Bilirakis of Florida also criticized TikTok for inadequate content moderation, which exposes children to harmful content.


During the hearing, Bilirakis accused TikTok’s CEO, Shou Zi Chew, of promoting technology that leads to death, citing examples of harmful content served to children. In recent months, TikTok has launched several features to provide additional safeguards for younger users, including setting a 60-minute daily time limit for those under 18. However, lawmakers criticized this feature as being too easy for teens to bypass.

Security Concerns Explained 

One of the greatest security concerns regarding TikTok is how the app is related to China. Many Western lawmakers and regulators are becoming increasingly concerned about the potential for TikTok and its parent company, ByteDance, to compromise sensitive user data, such as location information, and make it available to the Chinese government. This concern stems from Chinese laws that permit the government to access data from Chinese companies and citizens in a covert manner for intelligence purposes. 


TikTok collects data on individuals who post content on the app, as well as those who simply watch it. This data collection is a concern that is shared across various social media platforms, as the data may be used for purposes that individuals are uncomfortable with.

By agreeing to an end-user license agreement (EULA) when using social media apps, individuals are essentially consenting to provide a vast amount of personal data on an ongoing basis.


Data collection occurs through the process of connecting your phone to a server, which results in the server obtaining the Internet Protocol (IP) address. Geolocation can then be determined easily, allowing for the tracking of connected electronic devices and pinpointing the user’s location within close proximity, sometimes even within 10 meters. This level of geolocation data makes it possible for companies to track an individual’s daily routine and movements with relative ease.


Additionally, there are fears that TikTok’s content recommendations could be exploited by China for spreading misinformation. Despite these concerns, TikTok has consistently refuted such allegations and attempted to distance itself from ByteDance.

Should You Block TikTok?

Federal agencies have banned TikTok on government-issued devices. Businesses may want to consider banning the app on their issued devices as well. While TikTok may be a fun and engaging platform for personal use, its potential risks to sensitive business information and data security cannot be ignored. As TikTok collects vast amounts of personal data from its users, including location and device information, it raises concerns about the app’s potential to compromise sensitive business information. By banning TikTok on company-issued devices, businesses can take proactive steps to protect their data and prevent any potential security breaches.


At vTECH io, we provide various cybersecurity solutions to businesses and organizations, including a “cloud application control” feature that can help prevent security threats posed by apps like TikTok. This feature enables businesses to easily block unwanted apps from their networks and devices, including those that may have been flagged by the federal government. By implementing this type of solution, businesses can significantly reduce the risk of data breaches and other cyber threats. To learn more about our cybersecurity solutions, click here and we will partner together to create a more secure environment. 


Partnering for a Secure Future: How Local and State Governments Can Implement the US National Cybersecurity Strategy

On March 2, the Biden-Harris Administration released a National Cybersecurity Strategy aimed at securing a safe and secure digital ecosystem for all Americans that aligns with American values. The strategy involves fundamental shifts in how roles, responsibilities, and resources are allocated in cyberspace, including shifting the burden of cybersecurity away from individuals, small businesses, and local governments onto organizations that are best positioned to reduce risks for all of us. 


The National Cybersecurity Strategy is centered around five key pillars that aim to strengthen cybersecurity and encourage collaboration. These pillars include the defense of critical infrastructure, the dismantling of cyber criminals, the shaping of market forces to promote security and resilience, investment in a resilient future, and the forging of international partnerships. The strategy strives to ensure the privacy and security of personal data, reduce technical vulnerabilities, prioritize cybersecurity research and development, and establish joint preparedness and response with international partners. The Office of the National Cyber Director is spearheading the implementation of this strategy.

The Pillars 

Pillar 1 – Defend Critical Infrastructure: The National Cybersecurity Strategy aims to make critical infrastructure and essential services more available and resilient by expanding minimum cybersecurity requirements in key sectors. The strategy also aims to reduce the burden of compliance by harmonizing regulations, facilitating public-private collaboration, and modernizing federal networks while updating incident response policy.


Pillar 2 – Disrupt & Dismantle Threat Actors: The National Cybersecurity Strategy aims to render malicious cyber actors incapable of threatening national security or public safety by leveraging all instruments of national power. The strategy aims to use all national power tools to disrupt adversaries, including working with private companies in scalable ways to achieve this goal.


Additionally, the strategy focuses on addressing the ransomware threat by implementing a comprehensive Federal approach and working in collaboration with international partners to tackle the issue.


Pillar 3 – Shape Market Forces to Drive Security & Resilience: The National Cybersecurity Strategy has a focus on shaping market forces to drive security and resilience in the digital ecosystem. The strategy aims to place responsibility on those who can best reduce risk and shift the consequences of poor cybersecurity away from the most vulnerable in order to make the digital ecosystem more trustworthy. 


The strategy wants to achieve this by protecting people’s privacy and security, making software safer, and using government funding to support secure and long-lasting infrastructure. By implementing these measures, The National Cybersecurity Strategy intends to create a more secure and trustworthy digital ecosystem for everyone.


Pillar 4 – Invest in a Resilient Future: To foster a resilient future, The National Cybersecurity Strategy plans to make strategic investments and coordinate collaborative action. The aim is for the US to lead the world in the innovation of secure and resilient next-generation technologies and infrastructure. This includes reducing systemic technical vulnerabilities in the foundation of the Internet and across the digital ecosystem while making it more resilient against transnational digital repression. 


Moreover, the strategy gives precedence to research and development in cybersecurity for emerging technologies like post-quantum encryption, digital identity solutions, and sustainable energy infrastructure. The strategy also focuses on developing a diverse and robust national cyber workforce.


Pillar 5 – Forge International Partnerships to Pursue Shared Goals: To pursue shared goals and promote responsible state behavior in cyberspace, The National Cybersecurity Strategy  seeks to forge international partnerships. The strategy’s objective is to discourage irresponsible behavior in the digital world by making it expensive and unpopular. It also aims to work with other countries that have similar goals to address threats to the digital ecosystem. This will involve preparing together, responding to threats together, and imposing costs on those who behave irresponsibly.


Moreover, the United States wants to enhance the ability of its partners to protect themselves against cyber threats, both in normal situations and during emergencies. Lastly, the US plans to collaborate with its allies and partners to create dependable and safe global supply chains for information, communication, operational technology products, and services.

Implementing the National Cybersecurity Strategy at the Local Level 

Local and state governments can look to the Biden cybersecurity strategy as a model for implementing similar measures at the local level. The strategy presents a complete plan for improving cybersecurity and resilience in essential services and critical infrastructure, safeguarding the privacy and security of personal data, and developing international collaborations to achieve common objectives.


One of the primary pillars of the strategy is focused on defending critical infrastructure. This involves establishing minimum cybersecurity requirements for critical sectors, enabling public-private collaboration, and modernizing federal networks. Local and state governments can take similar actions to safeguard critical infrastructure within their jurisdictions. This may include collaborating with private sector partners to establish minimum cybersecurity standards and developing incident response plans to quickly respond to potential cyber threats.


Investing in a resilient future is another essential aspect of the strategy. This includes reducing technical vulnerabilities, prioritizing research and development in cybersecurity, and building a strong and diverse cyber workforce. Local and state governments can follow this lead by emphasizing cybersecurity research and development, investing in secure and durable next-generation technologies and infrastructure, and creating programs to attract and develop cyber talent.


By adopting measures based on the Biden cybersecurity strategy, local and state governments can strengthen their cybersecurity and resilience, and help contribute to a safer and more secure digital ecosystem.

Partnering with vTECH io for Local and State Governments’ Cybersecurity Needs

To summarize, the Biden-Harris Administration unveiled the National Cybersecurity Strategy with five pillars to ensure digital security. These pillars assign new responsibilities, roles, and resources to safeguard critical infrastructure, discourage cybercrime, prioritize security, invest in the future, and establish global partnerships. Local governments can adopt this model to enhance cybersecurity and create a safer digital environment. 


At vTECH io, We understand the unique challenges that local and state governments face when it comes to cybersecurity, and we are equipped with the knowledge and skills necessary to develop tailored solutions that meet your specific needs. Our expert team can help you create cybersecurity measures based on the latest and most effective cybersecurity strategies. To contact us simply click here, fill out the form, and you will be one step closer to creating a secure environment for your organization.