COVID-19 Resources

Why TikTok’s Security Risk Matters for Businesses [Plus Seven Ways to Protect Your Company Against Cyber Attacks]

Written by Paul Perry, FHFMA, CISM, CITP, CPA, CDPSE on July 13, 2020

Warren Averett cyber attack app image

TikTok, a widely popular mobile app, was caught spying on Apple device users and has made headlines as government leaders across the globe grapple with how to respond.

By deliberately or inadvertently gaining access to a user’s clipboard, TikTok and other apps have been able to grab onto anything that a user copies on an Apple device, whether it’s a password, business document or other sensitive information.

While some say that updating to the latest version of TikTok might help, there is much concern about the security risk associated with the app. The future of TikTok is currently unknown in the U.S. as talks of a nation-wide ban and a sale of the app to Microsoft continue to make headlines, but one thing is certain for businesses: security concerns like these pose a tremendous risk for individuals, as well as companies with no controls in place for employees using their own devices to access company portals and documents.

Data security is worth prioritizing, and companies can’t afford not to. Here are seven measures your company can take to help protect against cybercrime and the loss of valuable data.

1. Educate Your Employees about Data Security

According to a study by IBM, employees are responsible for 60% of cyberattacks on businesses due to accidental errors or by intentional fraud on the organization. Here are the basics for companies looking to educate and equip their employees concerning data security:

  • Employees should use password best practices, such as not using the same password across different platforms and not saving passwords using log-in features like “remember me.”
  • It’s also important that employees continually review the apps on their devices to check for ratings and security threats.
  • Educating employees on ransomware and social engineering attacks, such as phishing emails and fraudulent mobile app advertisements that look legitimate, can help employees differentiate between credible sources and prevent attacks.
  • Enforcing a mandatory user awareness training program and providing educational resources can equip your employees to proactively identify cyber threats.

2. Establish Security Protocols

Beyond educating employees on the basic security fundamentals, businesses can establish proper protocols to accompany a “bring-your-own-device” policy. These protocols should include a strong  mobile device management (MDM) tool to safeguard company information on employee devices. MDM tools can detect non-compliance and prevent access to company resources and data.

3. Create a Culture of Awareness

Creating a cyber-aware culture and educating your employees is a step in the right direction. Top leadership should continue to prioritize data security and data management.

4. Organize and Understand the Data You Have

Are you using your data to its fullest potential? Data analysis services can help you understand how to make the most of the valuable data you have on hand in your company. Organizing your data and gaining an understanding of what it means can make a significant difference for your operations and business decisions.

Data analysis professionals can take a deep dive into your data and determine what the numbers mean for your company. Data extraction can reorganize and/or convert the information from a company’s accounting software into a more usable format.

5. Strengthen Internal Controls

Having a strong internal control structure can help secure your company’s data and ensure that it remains accessible to the right people when they need it. In addition to helping companies mitigate errors and fraudulent activities, solid internal controls are the key to safeguarding corporate assets. Having a strong internal control environment can also strengthen corporate governance and compliance, facilitate company growth, enhance business processes and reduce compliance cost over time.

6. Create a Vendor Management Policy

Do you work with third-party vendors? If so, it’s important to understand their policies surrounding data security and the risks associated with those policies. If one of your vendors experiences a data breach, your company’s information will also be affected. Creating a formal vendor management policy and reviewing your vendors on an ongoing basis can help you mitigate the risks involved with third-party vendors.

7. Assess Your Cyber Risk

Contracting a cybersecurity advisor can offer an outsider’s perspective on your company’s current data security policies and practices. If you want to make informed decisions about how to move forward and keep your company’s data safe, consider working with a professional who can perform vulnerability management testing (external penetration or internal vulnerability scanning) and cyber and risk assessments.

These tests and assessments can help reveal weak areas so that improvements can be made and proven security policies can be implemented, giving your leadership, employees and customers peace of mind.

Learn More and Connect with an Advisor

Global cybercrime is predicted to cost $6 trillion annually by 2021, and it’s estimated that cybercrime generates a revenue of $1.5 trillion annually.

If you aren’t sure where to begin, contact your Warren Averett advisor, or complete the contact us form and one of our team members will reach out to you.

New call-to-action

This article reflects our views at the time this article was written and should be used as reference only. We recommend that you talk to your Warren Averett advisor, or another business advisor, for the most current information or for guidance specific to your organization.

Back to Resources

Related Insights

Top