Did You Know About the Risks of Pokémon Go?
September 1, 2016
The Real and Hidden Risks of Pokémon Go
As Pokémon Go exploded onto the software scene, the physical dangers of users walking into traffic, trespassing onto other people’s property, and even abandoning their children in search of the imaginary beasts caused alarm to many. However, these are just a few of the real risks of Pokèmon Go.Niantic, Inc., which until recently, only enjoyed success in the niche market of augmented reality gaming, now boasts installs surpassing 100 million and global revenue topping $160 million at the beginning of the month. However, the software has begun to distress other businesses as the Pokémon Go phenomenon booms and increasingly occupies employee time while at work.
At a base level, Pokémon Go clearly redirects the productivity of employees who feel the mission statement of “Gotta Catch ‘Em All” eclipses that of most employers. What should be more concerning to businesses than employees’ and trespassers’ imaginary expeditions is the issue of data security.
Call to ban Pokèmon Go
The International Association of IT Asset Managers (IAITAM) is calling for companies to ban the game from both corporate-owned, business-only (COBO) phones/tablets and “bring your own device” (BYOD) phones/tablets with direct access to sensitive corporate information and accounts. IAITAM CEO Dr. Barbara Rembiesa warned:
Frankly, the truth is that Pokémon Go is a nightmare for companies that want to keep their email and cloud-based information secure. Even with the enormous popularity of this gaming app, there are just too many questions and too many risks involved for responsible corporations to allow the game to be used on corporate-owned or BYOD devices. We already have real security concerns and expect them to become much more severe in the coming weeks.
Data security concerns
As highlighted above, data security is a significant concern. In the first version of the app, the user agreement allowed Niantic to access a user’s entire Google profile and essentially all metadata from the phone’s interaction with its various data signals. While the former issue has been corrected, the app still collects a large amount of data from its users, including contact lists and pinpoint locations.
While some apps are legitimate guides, others are designed to simply spread malware.
This implicates an issue broader than merely the app itself. Users are increasingly downloading third-party apps that promise to help players successfully navigate the game (in other words, cheat). While some apps are legitimate guides, others are designed to simply spread malware. In addition, while the Pokémon Go fad may fade, new software applications that divert employee attention will likely appear, and the same data security concerns will arise. Therefore, a more comprehensive and active approach is needed to address the increasingly dangerous and apparent world of cybersecurity.
What employers should do about potential threats to cyber security
All the data an application itself collects as well as the potential for malicious third-party applications form a double-edged sword for employers. Not only is worker productivity compromised, but also, the data systems of the company might be at risk as well. The safeguards against this sort of employee behavior are not as simple as banning certain applications or other blanket restrictions that will no doubt carry unintended consequences.
So, rather than ban the applications as they become known to the employer, good procedures and processes that limit the transfer of information and provide for various levels of verification need to be in place so companies can operate safely, effectively, and legally.
While cyber-planning requires customization and experts, the expense and maintenance of effective cyber procedures is trivial compared to the expense and experts required for a cyber breach.