Professor: Instead of banning Chinese apps, practice cyber hygiene
In response to the Information System Authority (RIA) banning its employees from using Chinese-based social media app TikTok, experts say there is no reason to start banning applications, adding that cyber hygiene awareness should be focused on instead.
Professor of IT at Tallinn University of Technology (TalTech) Tanel Tammet said it is inevitable that smartphone applications use the data they collect for more than what is described in the terms of use. Still, since spying on individuals is not profitable, the data is general, he said.
Tammet added that cyber hygiene awareness should be focused on instead. "One might ask if a state official's location or contact information is a state secret. I would say it most likely is not. At the same time, it maybe would not be a good thing if anyone can just monitor that information at all times."
"If we do not want our location to be tracked or our contacts to be available, it is clear we should turn off our phones in these sensitive situations. It is reasonable to predict that some organizations are able to reach that information. The question is if they do anything with it. I suspect that most of the time, nothing suspicious is done with the information," Tammet continued.
App downloads are forbidden on all Estonian Defense Forces (EDF) work phones. Mihkel Tikk, director of the Cyber Policy Department at the Ministry of Defense, said the approach is a principle of their cyber security policy.
Tikk explained: "We are not banning apps wholesale; rather, we allow apps if they are necessary for work. We have experts who look into an application. If we assess the risk as low, we will allow the specific app, but if the risk is high, we must unfortunately refuse it."
A limited work phone might still not be sufficient in cases of careless behavior, however. In order for people to act responsibly, the EDF asks its personnel to pass a cyber hygiene course, Tikk said.
Tikk conceded that more attention needs to be paid to how to alleviate the danger of information leaks.
Tikk said: "One thing is which [apps] our personnel actually use, another is what their family uses. We can be very effective here at work, but if someone in their family is using applications that allow for villains to scavenge around their home networks, the measures are of no use."
He concluded by saying that since there is more malicious interest against the EDF than against many other organizations, their caution is justified. Such measures do not need to be used at other state institutions, he said, but people should continuously be educated on the subject, since the weak point is the end user.
Editor: Kristjan Kallaste, Andrew Whyte