TikTok is one of the world’s most popular social media platforms. You can use it to view or share short-form video content. Because of its massive popularity, TikTok collects a massive amount of data from users. TikTok’s data collection policies and practices have been a source of major concern because of numerous data leaks and scandals. TikTok’s issues with data security should be a major lesson for other businesses about properly collecting and storing data.
Major Security Concerns around TikTok
These are the four major security concerns around TikTok.
1. Data collection and sharing
TikTok collects and shares multiple types of user data, including its users’ personal information, location data, as well as device and app usage data. It collects this information through cookies and other tracking technology. TikTok employs this user data to personalise user experiences, deliver customised user experiences, and tailored advertising.
TikTok may also share this data with external entities like other service providers, legal authorities, advertising and analytic partners. The jurisdiction surrounding TikTok’s collection and use of user data varies from country to country. Users should check TikTok’s privacy policies for their specific country.
2. Data security
There have been multiple recorded instances of TikTok’s data security vulnerabilities being exploited. For instance, A hacker in September 2022 claimed to have stolen 2 billion data records from TikTok, but the social media platform denied the claim. TikTok stated their security team found no evidence of such a breach.
In 2020, a security researcher named Muhammad Taskiran discovered a vulnerability in the tiktok.com domain. Muhammad Taskiran discovered that this vulnerability could potentially be exploited such that malicious code could be executed in a user’s browser session. This instance also highlights the platform’s questionable security system.
Many security experts have recommended TikTok users frequently change their passwords and implement two-factor authentication. Other experts have also stated that vulnerabilities like Cross-Site Scripting (XSS), phishing emails, and weak passwords can be exploited to hack TikTok accounts.
3. Content moderation
Many security experts and policymakers have repeatedly criticised TikTok for its content moderation policies, specifically regarding child safety and hate speech. These experts state that TikTok does not effectively remove hate speech, including racist and violent content.
The platform also faces the issue of false information and conspiracy theories. TikTok has repeatedly been accused of not removing content that includes false information about events like public health issues or elections.
TikTok’s official response to these concerns has been to hire legal experts to review their content moderation policies. TikTok has also formed a Content Advisory Council composed of outside advisors that help guide their policies.
4. Political influence
Many security analysts have been concerned about TikTok’s political influence due to the platform’s large user base and Chinese ownership. TikTok has even been accused of censoring content in 2020 during the U.S. Presidential election. These same analysts also state that the platform’s Chinese ownership results in TikTok censoring specific content.
TikTok responded to these allegations by publishing transparent content moderation policies and periodically releasing transparency reports. They’ve also created partnerships with fact-checking organisations to prevent misinformation and tried to build a separate data centre in the U.S.
But, these measures have proven insufficient to prevent misinformation and political influence on TikTok. Users should be mindful of the platform’s policies and mindfully engage with the content they find on TikTok.
What Does TikTok Saga Teach Small and Medium Businesses about I.T. Security?
These are the six most important lessons for small and medium enterprises (SMEs) in Australia to learn from TikTok.
Understand the data you collect
SMEs should critically evaluate the data they collect from clients and stakeholders. They must ensure their data collection practices are transparent and easily communicated to users. They must also only collect necessary and relevant data. Businesses should not collect irrelevant data or store data insecurely.
The best way for businesses to achieve these goals is by minimising data collection to only the most relevant information. Businesses must also reveal the type of data they collect and their reasons for collecting it. Additionally, they should adhere to both local and international data protection laws.
Lastly, businesses should deploy appropriate data security measures to ensure no unauthorised data breaches. They must also regularly review and update their security protocols. SMEs can build customer trust by increasing transparency and international data compliance.
Evaluate third-party apps and services
Most small businesses will inevitably use third-party applications and services. So they’ll have to ensure these applications have proper security measures to protect user data. This can be achieved with the following seven steps.
- Research: Investigate the application provider by researching its reputation and reviews.
- Privacy and security policies: Examine the application’s security policies to confirm whether they comply with local and international data privacy laws.
- Data handling practices: Ensure the application has appropriate data collection, storage, and processing practices.
- Encryption: Confirm the application employs an appropriate encryption method.
- Access control: Confirm the application uses access controls like multi-factor authentication.
- Auditing and monitoring: Verify that the application has regular security audits and monitoring services to identify potential threats.
- Incident response planning: Check whether the application provider has an appropriate response plan for potential security incidents.
Carefully evaluating your third-party applications and services will ensure that small businesses minimise data security risks and maintain compliance with data protection regulations.
Implement strong password policies
SMEs should implement the following strong password policies to protect their data.
Strong passwords: Only accept long passwords with a mix of uppercase letters, lowercase letters, numbers, and special characters to make them harder to guess.
Password expiration: Require users to regularly change passwords over 60 to 90 days.
Password history: Users must not be allowed to reuse recent passwords when required to change passwords.
Authentication measures: Require two-factor authentication for all accounts.
Employee education: Provide educational seminars and training to all employees about best password practices.
Implementing these strong password policies helps small businesses improve their cyber security and reduce the likelihood of cyber attacks. This proactive approach will help businesses maintain a strong and tight digital infrastructure, ultimately protecting the company and its customers.
Regularly update software and systems
It’s vital for small businesses to regularly update their software and computer systems to protect their business from vulnerabilities and cyberattacks. SMEs can configure their systems to regularly receive automatic updates and maintain a regular inventory of digital assets to improve their security situation.
SMEs can compound these efforts by providing cyber security training to employees to improve their online behaviour. The cumulative effects of these policies should be a considerable improvement in a company’s digital infrastructure, ensuring it remains secure from external threats.
Train employees on IT security best practices
SMEs need to train their employees on I.T. best practices since employee behaviour is critical for digital security. Proper IT security training helps employees recognise potential threats like phishing scams and store their data efficiently.
Educating employees about these threats reduces the likelihood of them committing mistakes that could harm the company. To be effective, a company’s entire workforce must be fully educated on I.T. security practices.
Develop an incident response plan
Even the best preparation doesn’t guarantee a company never suffers from a security breach. No matter how good your company’s cyber security policies are, it’s vital for you to build an incident response plan. This plan will outline your company’s steps and procedures if it ever suffers a security incident.
Important components of the plan include the following:
- How to detect and contain security breaches
- How and what to communicate with affected users
- How to collaborate with law enforcement agencies
- How to conduct an appropriate post-incident review
An SME should thoroughly prepare and regularly update its incident response plan to ensure it is resilient to security threats and able to withstand potential cyber-attacks.
The controversy surrounding TikTok’s lack of data security reveals that not having appropriate data security can cripple a business. This applies not only to massive platforms like TikTok but also to small businesses.
Implementing effective IT security policies isn’t easy. You may even need professional help to introduce the right data security policies for your company. You can contact PowerbITs for a free consultation to help set up the right data security policies for you.