My cyber risk side looks at augmented reality and sees potential issues involving malware, privacy, data disclosure and employee safety.
If you hear employees talking about spending their stardust and candies, chances are they’re caught up in the latest pop culture fixation: Pokémon Go. The mobile phone game sensation has fans roaming the country with their handhelds out to capture the “Pocket Monsters” scattered virtually throughout the real world.
The kid in me chuckles at this innovative use of augmented reality (AR) technology. But my cyber risk side looks at AR and sees potential issues involving malware, privacy, data disclosure and employee safety.
Real-World Risks
Computer and online games become instant targets for malware, through such things as fake and cracked versions in app stores. Hackers could gain control over a phone and thus a wealth of data about its user. For companies with bring your own device (BYOD) programs, enterprise email accounts and other data could be exposed.
See also: Better Way to Assess Cyber Risks?
Of course, BYOD risks are not limited to Pokémon Go. For example, sensitive information can be exposed through employees’ social media postings and other activities. But apps that are addictive and seemingly innocent can blind users to the risks of downloading.
AR technology combines elements of the digital and physical worlds into a single view, allowing data, text or images to be superimposed on a live video feed. In Pokémon Go, AR allows for the game map to align with a real-world map and players to find and even photograph their monsters in physical locations.
What if a Pokémon is located inside your company’s office? If a user shares a photo or screenshot of such a location, it poses a risk of inadvertent loss of sensitive company or customer information. And there are issues around invasion of privacy for people/places that don’t want to be involved in the game.
Managing Risk
As surely as Pikachu evolve into Raichu, technology like AR will morph and bring new risks. Businesses may try to block or limit employees’ access to AR and similar technology, but that may only provide temporary relief before the
next threat emerges.
See also: Cyber Risk: The Expanding Threat
So as with all cyber risks, when it comes to Pokémon Go, organizations should make sure they don’t focus only on prevention. Among the steps to bolster response and recovery, businesses can:
- Educate employees about the risks.
- Conduct regular cyber risk assessments and audits to identify threats and assets at risk.
- Develop and test disaster recovery, business continuity and incident response plans in conjunction with law enforcement, regulators and others.
- Purchase cyber insurance to deal with the inevitable risks that slip through the cracks.
AR and other disruptive technologies are here to stay, and promise to benefit companies and consumers. Risk professionals will need to be nimble as they manage the accompanying risks.