Death By Social Media: Are TikTok and WeChat Easy Marks for Attackers?
Most corporations understand the crucial need for efficient access management systems to protect the business from data loss and security breaches through unauthorized access. However, even large companies are in danger of ignoring or misjudging the emerging risks of social media platforms. Social media platforms are being used by billions worldwide daily. Employees across the United States access these tools at work because their employer’s access management framework allows them to. However, the U.S. government recently issued executive orders targeting popular social media platforms like TikTok and WeChat. The orders indicate that access to these platforms is fraught with risk and needs to be restricted as a matter of corporate and national security.
Do Platforms Like TikTok and WeChat Pose Security Concerns?
TikTok, a video-sharing application owned by Chinese company ByteDance Ltd, has been downloaded over 175 million times in the United States alone. As of October 2020, WeChat, China’s most popular social media messaging app, had over 22 million downloads in the United States. Both platforms collect a massive amount of personal user data, some of which is designed to be passed on to advertisers.
The U.S. government believes unchecked data collection allows the Chinese Communist Party access to Americans’ personal and proprietary information. The executive orders issued by the government seek to ban TikTok and WeChat from U.S. app stores. The U.S. government alleged that the Chinese government may attempt to leverage U.S. user data for corporate espionage.
As a result, a large number of Americans are questioning the security of these platforms. At the same time, it is hard to verify the statements made in the executive orders. Companies are unlikely to act against an executive order, especially if they do business with the government. Legal proceedings continue, and it remains uncertain what the future of WeChat and TikTok will be in the United States.
Access Management and IT Security
Regardless of your company’s position on the TikTok and WeChat controversy, there are valuable lessons about access management to be gleaned from this event. Before using social media platforms within your company, especially when access is permitted or authorized through social media logins, it’s crucial to understand what safeguards exist for the data collected from your employees. If the proper safeguards do not exist or cannot be verified, using social media platforms can pose security risks to your company.
It is also prudent to assess whether your company’s access management policies align with the U.S. government’s policies and do not depart from national expectations on IT security. While assessing possible security risks to your access management system and supporting policies, your decision-making needs to be grounded in facts. When meaningful and accurate information is not available regarding how data is stored and shared, it’s impossible to assess possible risks, and companies are likely to err on the side of caution.
How to Respond to IT Security Threats and Manage Your Access Management System
When IT security breaches or threats are in the news with reports of millions of user accounts compromised and data lost, it’s natural for companies to panic and go into firefighting mode. However, it’s crucial to take the time to gather accurate information and assess the threat critically. This approach does not indicate inaction. Companies must take action to analyze threats, both direct and indirect. For instance, even if your network security department blocks direct risk through apps like WeChat or TikTok, indirect risks must be identified and minimized; this may require policies and training specific to these platforms.
Even within your company, departments like marketing or sales may need to access various social media platforms to perform essential business activities. To allow for these exemptions while mitigating risk, businesses can incorporate additional protections like multi-factor authentication or biometric authentication where possible. Expanding the capabilities of your access management system can help provide greater security to the most vulnerable parts of your network. The emergence of a new security threat is also an excellent time to get an independent audit of your IT security controls; this does not have to mean investing in an IT security consultancy that drains both time and resources.
IT compliance teams can review the company’s configuration, identify gaps and provide a report so necessary steps can be taken.
Controversies like the TikTok and WeChat security threat and the ensuing U.S. government orders are a reminder that IT security is a job that’s never done. Businesses must extensively and continuously analyze new threats, identify where there are security gaps and implement changes, however complex, to ensure that those gaps are swiftly closed. The IT security environment is constantly evolving, and businesses have no choice but to evolve as well to protect the integrity of their data. The digital economy continues to operate in the real world and, naturally, it is vulnerable to threats like any brick-and-mortar asset. Businesses prioritizing data integrity in their access management systems will create a culture of vigilance and security across the organization.