I read that TikTok is a threat to teenagers, but is there a threat to employers?
There are many reported issues with TikTok. Most involve individual users. However, a growing number of organizations use the video sharing platform for marketing and recruiting, so the risks associated with TikTok would extend to any employer that uses the platform.
What separates TikTok's data mining from that of other social media platforms is that it demands more permissions than the others:
"When the app is in use, it has significantly more permissions than it really needs," said Robert Potter, co-CEO of Internet 2.0 and one of the editors of the report.
"It [TikTok] grants those permissions by default. When a user doesn't give it permission … [TikTok] persistently asks.
"If you tell Facebook you don't want to share something, it won't ask you again. TikTok is much more aggressive."
The report labelled the app's data collection practices "overly intrusive" and questioned their purpose.
"The application can and will run successfully without any of this data being gathered. This leads us to believe that the only reason this information has been gathered is for data harvesting," [the report] concluded.
One of the permissions is access to contact information. With contact information, bad actors can precisely target phishing, which is often used for industrial espionage and for financial fraud carried out through social engineering.
In addition to data mining, TikTok, like other social media, is filled with scams meant to deliver malware.
The Invisible Challenge on TikTok asks users to post nude or semi-nude images of themselves and then use an invisibility filter to cover the nudity.
In response, cyber thieves are offering software that claims to remove the filter and uncover the nude image. The unveiling software instead downloads malware meant to steal passwords, credit cards, and other personal information. https://www.dailymail.co.uk/sciencetech/article-11485821/Software-claiming-expose-nudes-TikTok-installs-malware-steal-passwords-more.html
The takeaway is that TikTok asks for, or even mines, more data than it needs, and how that data is or could be used in the future is under scrutiny, along with the typical social engineering risks. In other words, employers beware.
Jack McCalmon, Leslie Zieren, and Emily Brodzinski are attorneys with more than 50 years combined experience assisting employers in lowering their risk, including answering questions, like the one above, through the McCalmon Group's Best Practices Help Line.