Yes, Pokémon GO has caught on like wildfire, and this craze doesn’t look like it will be dying down any time soon.
Bearing that in mind, it goes without saying you’ve probably already got a few employees who are playing the game throughout the day at the office – potentially even on devices that are also used for business activities.
But according to Vadim Vladimirskey, CEO of the cloud-based IT services firm Nerdio, that sort of behavior can ultimately pose major security risks for your business.
“We should mention that since Pokémon GO was released, Niantic Labs, the maker of the game, has developed a number of security patches to minimize security threats,” Vladimirskey told Small Business Trends. “However, there is still the inherent risk that when employees use a company or personal mobile phone with corporate data stored on it, that data can be compromised.”
How Pokémon GO Threatens Mobile Device Security
The bulk of those risks stem from the game’s initial setup.
In order to start playing the app, Pokémon GO users must first sign up for an account that grants Niantic Labs access to their personal Google accounts.
The game asks for this access because Niantic reportedly uses an outdated version of Google’s shared sign-on service, which allows the company to automatically absorb basic account details such as a user’s name, email, gender and location in order to expedite the registration process. It’s all harmless enough in theory.
But in practice, Vladimirskey warns that the process also makes it fairly simple for hackers to access any given user’s emails, Google Drive documents and more. After all, a vast majority of mobile phones and tablets don’t usually encrypt traffic, which makes them easy targets for cyber criminals.
If Pokémon GO players fall victim to a hacking attempt while using a company address or affiliated device, that can subsequently place an entire business at risk.
“If a business’s data is compromised, it’s a very big problem,” Vladimirskey said. “A hacker could potentially read all business emails, send email as the user, access all Google Drive documents, access search history and Google Maps history, access and reset passwords, access all photos and do various other nefarious things.”
“The repercussions are endless when you consider all of the sensitive business information that is now stored and accessible digitally,” he added.
Fortunately, there are plenty of things business owners can do in order to mitigate these threats.
First and foremost, experts advise companies to configure access to company assets like file and email servers via a remote desktop service. It’s also worth using a secure transmission protocol such as a PC-over-IP (PCoIP) video feed, and ensuring that important or sensitive files are regularly wiped from shared company devices.
“By using cloud-based PCoIP connections, you are only using your device, be it a laptop, desktop or mobile device, as a remote window into your data,” Vladimirskey said. “With this approach, no data is stored on these devices, but rather solely on the server. The devices then access the data on the server.”
Above all else, businesses must ensure they have strong hardware firewalls that are adequately supported by intrusion prevention systems in order to filter and block any and all intrusion attempts via apps like Pokémon GO.
And despite the surging popularity and security fears surrounding this summer’s hottest app, Vladimirskey points out that Pokémon GO is not the only mobile device security threat that poses a risk to small businesses.
“It’s important to understand that any app that needs access to the information on a mobile device could be a threat,” he said. “This is why one of the biggest challenges for small businesses is managing the ways employees use devices. One of the best defenses is a BYOD policy that either restricts app usage, or one that takes a new approach to how data is viewed with these devices.”
from Brent Lecompte Blog http://brentlecompte.blogspot.com/2016/07/pokemon-go-security-threat-to-your.html