This memo is in reference to the Governor’s Executive Order, EO 23-06 dated January 10, 2023 regarding the prohibition of the installation of, connection to, or use of TikTok on any state network or state-issued information or communications technology device, including all desktop computers, laptop computers, tablets, and mobile phones.

The Division of Information Systems, under the Department of Transformation and Shared Services, TSS has turned off access to TikTok at the State Intrusion Prevention System, IPS level. 

Arkansas is now part of a growing list of states that have banned the use of the popular social media app TikTok on state-owned devices and networks over concerns that the Chinese government could use data from the app to track Americans.

On December 2, 2022, FBI Director Christopher Wray warned citizens about usage of TikTok. TikTok’s privacy and data collection policies allow for the capture of sensitive, personally identifiable information and that data is stored in locations that could be accessed by the government of the People’s Republic of China for use other than the permissions given by the user. TikTok, which is owned by Beijing-based ByteDance Ltd, allows users to upload short-form videos to share with other users. The clips typically include dances, jokes, pranks, stunts, and tricks.

The application, TikTok, is not to be used on State-owned and issued devices and it shall not be used on any devices connected to the State network unless it is for an authorized law enforcement or security purpose. School Districts technology directors/coordinators are highly recommended to continue to block TikTok on their secure Internet gateway/content filters, wireless solutions unified end-point management, mobile device management tool and hot-spot vendors.

As a reminder, when using any device, please practice the following important cybersecurity steps:

1. Revisit and shake up your password: Consider using the longest password (or password phrase) permissible. Use completed passwords at least 8 characters in length (numbers, symbols, capital, letters).
2. Double your login protection: If available, ensure multi-factor authentication (MFA) for all accounts and devices to ensure you are the only person with access to your account.
3. Never click and tell: Limit what information you share on social media. Always hover your mouse on unknown links/hyperlinks prior to clicking them and, exercise your security awareness by recognizing phishing emails and reporting any suspicious emails.
4. Keep an account and tabs on your apps: Your mobile device could be filled with suspicious apps running in the background you never realized were approved. These apps have potential to gather your personal information without your knowledge.
5. Workstation Cyber Etiquette: Never leave your workstation unlocked while unattended. This practice eliminates the potential for businesses mail compromises.

We know there could be few exception requests, as such your feedback is important and critical. Kindly email them to ADEITServcies@ADE.Arkansas.Gov. We will present those to the Governor’s Office by escalating with TSS, Division of information Systems. 

Thank you for your immediate attention on this matter.

Attachments