Blacklisted at Hydro-Québec, IQ and the Caisse | TikTok banned, a warning for privacy

A sweep is brewing in some state companies, which are blacklisting TikTok on mobile devices provided to their employees. In the private sector, the turn of the screw given by Quebec and Ottawa should encourage managers to watch what is downloaded by their employees on corporate equipment, say cybersecurity specialists.

“There are a lot of games and other applications that collect personal data,” says Stéphane Auger, vice-president at Équipe Microfix. The current situation is a good reminder of the importance of minimizing risks. A cyberattack doesn’t just come from ransomware. The goal is to minimize data entry points. »

The Chinese social network will not only disappear from mobile devices used by civil servants, deputies and political staff. We are also following suit in state corporations such as Hydro-Québec, where more than 5,400 employees use computer equipment provided by the hydroelectricity producer and distributor.

“Hydro-Québec follows the recommendations of the Canadian and Quebec governments, and prohibits TikTok on mobile devices and blocks access from the company’s network, underlines a spokesperson, Cendrix Bouchard. Reasonable personal use of mobile devices is permitted, in accordance with our code of ethics. »

For its part, the Caisse de dépôt et placement du Québec (CDPQ) – which manages net assets of 402 billion – says it has made the decision to “close access to this application in order to pursue a more in-depth analysis” due to the “significant security doubts that have been raised”. His spokeswoman Kate Monfette, however, did not specify how long the analysis would continue.

Investissement Québec (IQ), the financial arm of the government, intends to go further than a single application in terms of supervision.

“Certain changes will be made very soon to better regulate or restrict the use of social networks, in particular blocking access to the TikTok platform,” said spokesperson Mathieu Rouy.

Lots of data

What worries Western governments: the giant ByteDance, owner of TikTok, is established in China, where the laws oblige any private company to share with Beijing the data it claims. The Chinese government could potentially have access to the many information collected by the platform, such as location and payment data.

According to cybersecurity experts, there is therefore a risk that a company’s or organization’s data could be compromised if the popular application is on the smartphone provided to an employee.

The Société des alcools du Québec (SAQ) has not officially turned its back on TikTok, but that may well end up changing. “We are closely monitoring the evolution of the situation and we are assessing our position,” said its spokesperson, Geneviève Cormier.

“We don’t rule out banning the use of the app on our devices as a preventative measure,” she said.

To do the housework

In the cybersecurity community, it is believed that the episode surrounding TikTok should serve as a reminder to companies: data-intensive applications do not mix well with the IT tools used to run a business.

“There is a chance that the employer’s data will be sucked up by an application”, underlines Dominique Derrier, head of information security at NOVIPRO. “We forget that this can happen. It’s good to see the state leading by example. It hits a big blow. »

The Canadian Center for Cyber ​​Security stresses the importance, before starting to use an application, of having an idea of ​​what data will be collected and where it will be stored and transferred.

A section of its website is also devoted to reducing risk when using personal social media accounts at work. Among other things, it suggests limiting everything related to geolocation services.

According to Auger, employers who provide mobile devices should be sure to install management tools to prevent potentially sensitive information from being harvested by apps like TikTok.

Dominique Derrier abounds in the same direction, with a caveat. In small companies, we do not always have the financial means to offer mobile devices reserved for work. Sometimes employees find themselves using their personal equipment. The risks are then higher, says the expert, who adds that small and medium-sized businesses depend on the vigilance of their employees.