Wells Fargo bans TikTok over cybersecurity concerns

In the wake of Wells Fargo & Co.’s ban of social media app TikTok on Friday, financial advisers are being warned to evaluate the privacy policies of their mobile apps to prevent possible points of vulnerability. 

The bank had identified a small number of employees with corporate-owned devices who had installed the TikTok application on their device, according to a Wells Fargo spokesperson. The video-sharing app and social-networking platform owned by the Chinese company ByteDance Ltd., has roughly 80 million active monthly users in the U.S. alone. 

“Due to concerns about TikTok’s privacy and security controls and practices, and because corporate-owned devices should be used for company business only, we have directed those employees to remove the app from their devices,” the spokesperson wrote in an email. Wells Fargo Advisors did not have additional comment. 

Wells Fargo has not contacted TikTok addressing the concerns directly, according to a TikTok spokesperson.

“With any organization that has concerns, we are open to engaging with them constructively and sharing the actions we take to protect data security for our users,” the spokesperson wrote in an email. “Our hope is that whatever concerns Wells Fargo may have can be answered through transparent dialogue so that their employees can continue to participate in and benefit from our community.” 

While the financial advisory industry isn’t directly impacted by the ban, the threat alone should be enough to prompt advisers to double-check their cybersecurity practices around mobile apps, according to Aite Group’s senior analyst of cybersecurity Steve Hunt. 

“When anyone — from an adviser at a wirehouse to a three-person RIA — installs apps like TikTok on their phones that they use for any type of work communication with clients, they are fully entrusting the app software company with their data,” Hunt said. 

As work from home has blurred the lines between personal and work devices, advisers should keep in mind that the policies apps require users to accept before downloading equates to “a relationship” agreement, Hunt said. “The minute you click ‘I accept’ you are extending the trust of your business to app developers.” 

In fact, according to TikTok’s website, when a user downloads the app, the platform automatically collects certain information from a user’s device including internet or other network activity information such as an IP address, geolocation-related data, unique device identifiers, messaging, browsing and search history.

Amazon, for one, asked employees last week to delete TikTok from their smartphones over cybersecurity concerns, but then quickly reversed the decision and said banning TikTok was never their intention.

U.S. officials, too, have raised concerns about the social media platform. Secretary of State Mike Pompeo said July 8 the Trump administration is looking to take actions that “preserve and protect that information and deny the Chinese Communist Party access to the private information that belongs to Americans.” 

“It is not at all surprising that commercial organizations outside of the Defense Industrial Base are banning apps like TikTok,” said Eric Noonan, CEO of the cybersecurity firm Cybersheath. “Just last week the FBI revealed that nearly half of the FBI’s 5,000 active counterintelligence cases now relate to China, so the risk that TikTok potentially creates is real.”

While the debate about TikTok’s security threat continues, financial advisers can start protecting their devices by having encryption turned on and setting up extremely robust passwords, said Schwab Advisor Services Senior Consultant Page Adlington during a June 16 webinar. “Those are the best ways to start protecting your devices, especially when you’re traveling overseas.” 

Related Topics: Cybersecurity, tiktok, Wells Fargo & Co., Wells Fargo Advisors