Pokemon Go: What security awareness programs should be doing now

Pokemon Go represents a tremendous security threat. As with all tremendous threats, it can also be your greatest opportunity.

Pokemon Go represents a tremendous security threat. As with all tremendous threats, it can also be your greatest opportunity.

I have to admit that Pokemon Go took me by surprise. I had no idea why people just told me they were going out for no apparent reason. Younger people were more blatant, but it was not until early this week that I realized that it was a phenomenon that was impacting the workplace.

People of all ages, including your coworkers, are playing at record rates. Most important, they are bringing the app into the workplace, and using it on cellphones that also access work related information. It is a significant security vulnerability.

[ ALSO ON CSO: Experts say Pokémon Go exposes players to security and privacy risks ]

That being said, it means that awareness programs are at the front and center to protect corporate assets. At the same time, you can also appear to be the champion for the workers. Security awareness might never be more welcome. Even if people think the app is “stupid”, frequently they have family members or other loved ones playing the game.

People hear about malicious apps spoofing the actual Pokemon Go app. They hear about the app tracking them and having access to all of their data. They hear about people being mugged and finding dead bodies. People are excited, but they are concerned. This is your time to shine.

All security programs, led by the security awareness team, should immediately create information about the security concerns, and what to do about them.

Clearly, there is a focus on mobile device security, but there are also issues concerning privacy, password security, and safety. For this reason, I recommend that you create tip sheets for distribution to all employees. Possible content to include would be:

  • Ensure that you only download the official Pokemon Go app
  • Ensure that your cellphone operating system is up to date
  • As the app preferably uses Google accounts for authentication and tracking, consider creating a Google account just for that purpose
  • Ensure that your password is strong
  • Review app permissions, and remove as many permissions as possible
  • Consider installing anti-malware software on your cellphone
  • Be aware of the potential for crime
  • Remain alert. Carelessness will cause more injuries than crime
  • Never drive while playing the game
  • Most important, if your organization uses Google apps, clearly state that employees should never use their corporate account for Pokemon Go or any other games.

You may want to provide references to additional resources for mobile device management, creating a strong password, and other relevant issues. Providing contact information for the security team would be welcome. In defining the additional resources, consider that many people may want to share the information with their friends and family, so avoid using links and resources that are only available on your intranets.

It is a unfortunately extremely likely that some of your employees will eventually compromise information due to downloading malware on their mobile devices. It is guaranteed that the productivity of many employees will be impacted by the game. You can warn people about these issues, but you do not have ultimate control of them. You can however take advantage of the situation, and seem like their protector, and more than their overseer.

[ RELATED: How to craft a security awareness program that works ]

Personally, I am impressed by the business success of the game. I am also impressed that the gamification success. Pokemon Go would be a considered a huge gamification success for corporate wellness programs given how it encourages people to exercise. A companion article will be published shortly that highlights the true gamification principles used in Pokemon Go, and how it differs than most self-proclaimed gamification programs.

From a security perspective, Pokemon Go, itself, is as security nightmare. It is a productivity nightmare. However, you can take advantage of the situation and use it to highlight the importance of practicing good security behaviors. Don’t let a great opportunity go to waste.

Ira Winkler, CISSP is president of Secure Mentem and can be contacted at http://www.securementem.com

Join the CSO newsletter!

Error: Please check your email address.

More about CSOGooglePossible

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Ira Winkler

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place