How to use TikTok safely

TikTok is a video-based social media platform that has rapidly become an important marketing and communications channel, but it comes with risks that need to be treated before it is used in the University.

TikTok has been banned from use on official Government devices in the UK since 16 Mar 23 and other governments are taking similar precautions. The ban came in after Cabinet Office ministers ordered a security review of the information security risks to official government information from the use of social media applications.

At a glance

  • TikTok should only be used on a dedicated, office-based device.
  • The device should be isolated from the University network.
  • The device should not be used to access any University systems other than a specific email account associated with the use of TikTok (see below).
  • Data (videos, text and images) should be restricted to that classified as PUBLIC.

 
AT OXFORD

The Information Security Team recommends the following rules, to enable TikTok to be used for University business, while protecting internal and confidential information. These rules do not apply to private use of TikTok on personally owned devices.

  • TikTok should only be used for university purposes where there is a strong justification, and its use has been approved by the relevant head of department.
  • TikTok must only be used on dedicated university devices (laptop, smartphone or tablet). A smartphone or tablet is recommended for ease of connectivity.
  • TikTok devices must be isolated from internal university networks, with internet access achieved through a public network such as the 4G or 5G mobile network.
  • All accounts (including email accounts) used for TikTok must be specifically created for this purpose. Personal accounts must not be used.
  • Data (such as videos, text and images) can be transferred to TikTok devices, but no data files or software should be uploaded to university systems from these devices. Data exchange may be achieved by AirDrop (macOS and iOS) or Nearby Sharing (Windows and Android). Alternatively, OneDrive may be used to enable information to be accessed from the device.
  • Data must be restricted to that classified as PUBLIC according to the university's information classification scheme.
  • The risks to data integrity must be assessed before approving publication on TikTok. Specifically, there is a high risk of replication and manipulation of videos and images once published. The use of AI software to manipulate videos is a growing threat.
  • The TikTok device must receive all software updates in line with university policy.
  • The TikTok device used must adhere to all other aspects of the University’s device security guidance.
  • An SOP must be written, implemented and monitored to ensure usage adheres to these rules.

 

THE BASICS

The Information Security team (InfoSec) has considered the Government ban and concluded that TikTok should only be used by University staff for University purposes by exception, where there is a strong justification and its use has been approved by the relevant Head of Department. This guidance applies only to setting up official University TikTok accounts, not to TikTok accounts used by staff or students in their personal lives.