Platforms
Security and verification advice.
TikTok
In April 2023, Cyber Security NSW issued a directive to remove the TikTok app from all NSW Government devices. Those who wish to use TikTok on a personal device must ensure no corporate data is accessed on the device. The directive from Cyber Security NSW follows a federal government mandate to remove TikTok from all Commonwealth Government issued devices.
Employees are not able to use TikTok on corporate issued devices, or BYO devices (all personal devices used to access work platforms via a browser or app are considered BYO devices) where they also access corporate information, including Microsoft Outlook, Teams, and SharePoint. This ban includes opening the app, web browser or links associated with the social platform.
However, government employees can use the TikTok on their personal devices provided the device does not contain corporate information.
Agencies don’t need an exemption to run a campaign on TikTok unless the platform is accessed on a government-issued device, or a personal device that has access to work-related emails, messaging or documents.
If you need to access TikTok on a government-issued device, or a personal device that has access to work-related emails, messaging or documents, contact your agency’s Cyber Security Team, who will complete a risk assessment.
It’s helpful to include the following information when reaching out to your Cyber Security Team:
- the business case to use TikTok as part of your role or for a marketing campaign
- which device you wish to access TikTok from.
Direction on TikTok application
X (formerly Twitter)
X (formerly Twitter) has changed its verification process. It has replaced existing blue ticks for verified organisations/people with a subscription system where anyone who pays can receive a blue tick.
We have been advised that some NSW Government X (formerly Twitter) accounts may be eligible for a ‘government-specific’ grey tick, provided they fall under the following criteria:
- Executive office: Responsible for coordinating the activities of the state or local government.
- Crisis response: Responsible for coordinating and responding to emergency situations, such as natural disasters, public health crises, or civil unrest.
- Public safety: Responsible for ensuring the safety and security of the community, such as law enforcement, fire departments, and public health.
- Regulatory: Responsible for ensuring compliance of laws related to specific industries or sectors and protecting consumers.
A grey tick can be applied for here
If your account is denied a grey tick, you should strongly consider the need for your account to continue on X (formerly Twitter). Your organisation should only be using X (formerly Twitter) if there is a unique or immediate need to be on the platform (for example, to communicate with an audience that is unique to the platform, communicating timely or emergency information, or needing to connect with customers in a way that is specific to X (formerly Twitter)).
Where it’s necessary for your account to remain on the platform, you should consider paying for X (formerly Twitter) Blue verification in order to minimise the risk of impersonation and fake accounts. Please be aware that X (formerly Twitter) Blue can be accessed by anyone who purchases it and imposter accounts can still arise.
If you determine there is no longer a need for a X (formerly Twitter) account, don’t close the account. This would free up the username for anyone to register. Instead, we recommend that you create a pinned post using the following wording: ‘This is the official X (formerly Twitter) account for [name of agency]. We are no longer posting on this account, and it is not monitored. For updates, please visit our website.’