The debate about whether the Chinese app TikTok should be banned for government employees fills column meters around the world. In the USA, France and Denmark as well as in several EU bodies, the ban is already a fact. However, instead of focusing on whether TikTok is or isn’t, management and IT teams should instead use the debate as a wake-up call to review the security of apps and mobiles in the enterprise.
Risk versus benefit
It’s no secret that all apps collect some form of data. When installing a new app, it’s not uncommon for the app to ask for access to both the microphone, camera, contacts, and calendar — areas that could potentially contain very sensitive information — especially if it falls into the wrong hands. Apps and digital services have historically been used as tools for unauthorized data collection. This is precisely why one should carefully weigh risk against benefit when it comes to apps and services in devices used in the workplace.
Is personal responsibility enough?
In Sweden, the recommendation to politicians and government officials is to only install the apps “you need” and to be restrictive in giving the apps access to just the camera, microphone and calendar. Carl-Oskar Bohlin, the minister for civil defence, recently wrote that: “…everyone has a responsibility to think about their own information security. Not installing unnecessary or unknown apps on one’s service phone can be a simple way to minimize one’s own, the employer’s and the country’s vulnerability”. If you translate these security recommendations to companies and organizations, it may seem that a great deal of responsibility for the company’s mobile security rests on the shoulders of the individual employee.
A useful alarm clock
Although the recommendations at national level remain, for example the Swedish Armed Forces and some municipalities have now introduced a ban. That an app like TikTok is banned on mobile phones worldwide can be a useful wake-up call for companies. Which apps and services should employees be allowed to use on their work phones? Is there a workplace policy that can act as a guide for the employees? What risks can the company be exposed to through these apps and services? Does the company have visibility and an overview of which applications and services the employees have on their phones? When the use of mobile devices also increases due to, among other things, hybrid and remote work, and when the workforce becomes increasingly geographically dispersed, it becomes even more important to have an overview and control over the company’s mobile devices and apps.
Data protection, regulatory compliance and reduced risk
A first step in getting a handle on the company’s mobile security is to review what technology is implemented to check what kind of applications are on the company phones, as well as what rules and policies apply. The IT teams should ideally be able to manage all the company’s mobile devices and applications in the workplace. They must also be able to centrally block downloads of suspicious applications and identify and prevent malicious code from infecting systems in Windows, Android, iOS and more. A well-functioning Enterprise Mobility Management solution that effectively secures and manages devices and endpoints is essential.
Frameworks and rules
It is also important to establish clear rules for users, and educate employees about how mobile devices can be used as potential attack surfaces. According to a survey carried out by the Union, 6 out of 10 civil servants also use the work mobile phone privately. Here, it is important to design policies that also protect the personal integrity of the staff. In addition to rules and policies for company phones and the business’s other mobile devices, rules should also be established for BYOD and private devices that have access to the company’s network and email. Ultimately, it’s about protecting personal and company-related information, managing regulatory compliance, and reducing the company’s vulnerability to risk. Mobile security is only as strong as its weakest link, so while common sense and personal responsibility go a long way, there are good reasons to use EMM solutions that can centrally block untrusted apps, denying access to sensitive tools like camera and microphone. Writer: Stefan Spendrup, Head of Northern and Western Europe, SOTI
A professional writer by day, a tech-nerd by night, with a love for all things money.