Pokemon Go and your Business’s IT Security

Jul 29
08:12

2016

Joel Duncan

Joel Duncan

  • Share this article on Facebook
  • Share this article on Twitter
  • Share this article on Linkedin

Gotta catch em’ all! That was the chorus to the intro of the Pokemon T.V. show. As an information technology professional I am kind of like a Pokemon trainer, I have to catch all potential IT threats before they strike. Whether you have a job related to technology or not, you have probably heard about Pokemon Go and the current hype surrounding it. Now, if you have a job or business related to IT, then you could learn a thing or two from Pokemon Go. Interestingly enough, there is a large number of IT employees who might be unknowingly putting their companies at risk.

mediaimage

The problem with the use of this app in and around the workplace are the security risks involved. When you download this app on your phone, Pokemon Go and your Business’s IT Security Articles it will ask you if you want to use your gmail in order to open an account. In today's day and age, most of us select this option because it is the quickest way to create an account without having to fill anything out. This could cause security problems  for the business they work for if they use the same gmail account for work related projects. This has forced a large number of IT departments to change their BYOD (bring your own device) policy in the workplace because of security concerns.

This was discovered a few weeks ago after the release of the Pokemon Go game in North America. A tumblr blogger named Adam Reeve who works for a security analytics firm warned iOS users that if they choose this option in order to create an account they are granting Niantic access to all of their account data. These users are the ones who face the most serious security threats because of the iOS setting which does not let you edit these permissions, you must deny access to the app all together. Pokemon Go security is now on the radar for most IT businesses and they are beginning to address the problem it sooner rather than later.

Most companies are changing their BYOD policies in order to address the Pokemon Go security issue, but this may not be enough. There is also an Android malware problem that most people are not aware of. Since the app was only released in some countries, mirror apps were created. This means they have a higher risk of malware being in them. Hackers have managed to use this weakness in Pokemon Go Security in order to open up a backdoor into the phone. Luckily, Niantic Labs (the creators behind the game) hasreleased a statement about the problem. They say they are aware of the issues and they have already addressed them with google. Google should be changing the apps permission to only basic profile info as a way to avoid this Pokemon Go security issue.

Even though Niantic Labs say they have started addressing the Pokemon Go Security problem you should not take this situation lightly, especially if you are in the IT business. While they say the problem will be fixed “soon”, they do not give a specific time table for the fix. One of the main reasons they even made a statement about this issue is the legal problems they are facing in Germany. Niantic has until August 9th to change their current permission requests or they may have to face a cease and desist order in Germany. The Federation of German Consumer Organizations (VZBV) has stated that the terms were written in “slightly impenetrable language” which gives Niantic the right to share the information they get from you and your device with 3rd parties. Another troubling issue they talk about is Niantic reserves the right to change its policies without the consent of users.

Other than changing the BYOD policy that your company has, there are not many ways to avoid this Pokemon Go security threat. The best option you have is to inform your employees about the possible security risks involved with the game and recommend that they download apps with a non-company gmail account. Also, don't forget to change the BYOD policy you have in place.

At the end of the day you must accept the fact that your employees gmail accounts may put your business at risk because of these types of games. Try using the two strategies I gave you to try and avoid these Pokemon Go security threats. And do not forget! You must be battle tested, just like a Pokemon trainer in order to face these risks head on!

How are you going to address these issues in your IT company? Would you use one of the strategies I suggested? Let us know in the comment section below.