Wells Fargo Bans TikTok App on Company Devices
Meanwhile, Amazon Sends Mixed Signals to Employees About Use of Social Media App
Wells Fargo, the fourth largest bank in the U.S., has directed employees to remove the TikTok social media app from their company-issued devices, citing security concerns.
The bank's move to ban the app on corporate devices comes after Amazon sent mixed signals to employees on Friday about whether they should remove TikTok from their company-issued devices, according to the New York Times. The online retail giant later said a memo asking employees to remove the app was sent in error, an Amazon spokesperson told Information Security Media Group.
TikTok, which is made by the Chinese company ByteDance, has grown in popularity over the last several years, especially among younger users. It's also drawn the ire of some lawmakers and officials in Washington who are concerned about whether data collected by the app is shared or transferred to the Chinese government.
This security scrutiny has led some companies and government agencies to ban the app. For example, in January, the U.S. Navy and Army banned military personnel from using the social media app on government-issued phones after the U.S. Defense Department identified TikTok as having security risks (see: US Army Follows Navy in Banning TikTok App: Report).
Wells Fargo and TikTok
A Wells Fargo spokesperson confirmed to ISMG that it had asked employees to remove TikTok from company-issued devices, such as smartphones, earlier this month.
"We have identified a small number of Wells Fargo employees with corporate-owned devices who had installed the TikTok application on their device," the Wells Fargo spokesperson says. "Due to concerns about TikTok’s privacy and security controls and practices, and because corporate-owned devices should be used for company business only, we have directed those employees to remove the app from their devices."
A spokesperson for TikTok could not be immediately reached for comment on Monday. Previously, its parent company, ByteDance, announced it would separate TikTok from the rest of the firm and would store user data in the U.S. rather than China, according to the New York Times.
TikTok has also hired Kevin Mayer, a former top executive from Walt Disney, as its CEO and has released two "transparency reports," the latest published on July 9.
TikTok Under Scrutiny
Since the start of the year, TikTok has faced more scrutiny from U.S. lawmakers and Trump Administration officials who have raised concerns about the app, what data it collects and what connections the parent company has to the Chinese government.
In March, Republican Senators Josh Hawley of Missouri and Rick Scott of Florida introduced a bill that would ban federal employees from using TikTok on any government-issued devices. The legislation is pending in the Senate Homeland Security and Governmental Affairs committee.
In an interview earlier this month with Fox News, U.S. Secretary of State Mike Pompeo said that the Trump administration is "looking at" a ban on federal employees' use of TikTok because of concerns about Chinese use of the app for surveillance purposes as well as corporate ties to the Chinese government. The government has expressed similar concerns about the Chinese telecom equipment firms Huawei and ZTE (see: FCC: Huawei, ZTE Are 'National Security Threats').
Warnings Issued
In light of the government’s concerns, more enterprises are issuing warnings to their employees about potential cybersecurity threats posed by TikTok, even if details about the alleged risks are "cloudy," says Chris Pierson, the CEO and founder of cybersecurity firm BlackCloak.
"Enterprises have an obligation to control and will control the risk postures of all corporate-owned devices," Pierson tells ISMG. "This may soon stretch to BYOD devices as well for some highly regulated industries. The personal lives and work lives of the U.S. worker have never been so entangled, especially with COVID-19, and this will only increase given the new normal of remote work."
Mike Hamilton, the CISO of security firm CI Security, says that free social media apps such as TikTok don't pose a threat to government agencies or private companies on their own. The bigger issue is sorting out the app's corporate ownership and what ties a company may have to the government of China or another government.
"The problem arises when this particular social media platform has the support, if not overt cooperation, with the Chinese government," Hamilton tells ISMG. "If the data collected is used for ad targeting, that’s one thing. If the data is used to understand associations between individuals - such that the shortest route to an intelligence asset through an influencer that can be identified - the data becomes a tool for espionage."
In January, Check Point Research said it had determined that the TikTok app had vulnerabilities that gave it the ability to send users malicious links, view sensitive account data and delete or add content to a user's account (see: TikTok App Had Major Security Vulnerabilities). But TikTok said it fixed those flaws.
Managing Editor Scott Ferguson contributed to this report.