Guess who is not playing Pokémon Go: Cyber Security Experts.
Within a week of the game developer’s launch, red flags were raised across the globe. Even the U.S. government was concerned and issued security guidelines on playing the game to military and intelligence personnel.
When the techies get nervous, you know there’s trouble. In part, the problem is with the functioning of the game. In order to play, the app needs access to your phone’s GPS and your camera. The International Association of Information Technology Asset Managers (IAITAM) warns business security risks can occur if employees download the Pokémon app on company-owned devices.
Recommendations by the IAITAM are clear, prohibit the installation and use of Pokémon on any devices used for business purposes including bring your own-devices (BYOD)— like phones and tablets that have direct access to sensitive corporate information and accounts.
IAITAM CEO Dr. Barbara Rembiesa calls the game a nightmare and says, “…there are just too many questions and too many risks involved for responsible corporations to allow the game to be used on corporate-owned or BYOD devices.”
One of several scams opening potential cyber breaches is a phishing email that tells Pokémon users the app is no longer free and will be frozen unless a monthly fee is paid. Victims end up going through several prompts on a third party website—resulting in the scammers stealing the user’s password.
Added to the growing mountain of business cyber security fears, are hundreds of rogue versions of Pokémon living on the Google Play app store. One version takes complete control of Android smartphones through a security backdoor called DroidJack. It captures the user’s text messaging, GPS, phone calls, camera—and any business network resources.
On businesses owned devices, this could end in a full blown data breach resulting in thousands of dollars of fines, loss of reputation and remediation damages. Even employee safety and your building security could be at risk because the game requires that players allow GPS tracking to be turned on.
While the game characters look innocent, playing is more complicated. It draws players to travel to PokeStops community locations like gyms, historical markers and monuments where they can capture more Pokémon. Many of these places are fairly safe, but unsupervised children can be lured to isolated places leaving them vulnerable to abduction and violence—especially at night.
A pediatric research team from Cohen Children’s Medical Center, who studies the effects of technological trends on children say, “The game [Pokémon ]cultivates a false sense of security among children, who feel safe with other players spanning a wide range of ages. Although the game recommends a minimum age of 13, savvy children can easily circumvent this rule, resulting in younger children making safety decisions for which they may not be prepared.”
We’re living in a mobile-first environment. For a growing segment of the population, our phones are the first thing we wake up to and the last thing we check before going to sleep. Android-based malware is one of the fasted growing ways malware reaches a corporate network and even Apple devices are not 100% safe. With the purchase of low cost equipment, hackers can gain access to a mobile device in less than 30 seconds and see everything on it, or install malware to steal the data.
Pokémon Go is one of many reasons why your business security depends on educating employees and putting in place safety policies on the use of BYOD devices—competing in today’s mobile friendly world depends on it. How secure are you? If you’re not sure, you may want to consider connecting with an IT company that specialized in security to help answer your questions.