4 Potential Security Issues Raised By Pokémon Go

Potential-Security-Issues-Raised-By-Pokemon-GoPokémon Go is a phenomenon. The game is objectively a success and has been breaking mobile gaming records almost weekly. The game’s current success is without being open in some significant markets and it shows no signs of slowing. It is important to remind players to take measures to protect your company’s interests when playing.

Pokémon Go is an Augmented Reality game. Players see the game’s fictional world on top of everyday reality. Augmented Reality manifests in several ways: from important game locations coinciding with real world locations to the ability to capture pictures of Pokémon in our world.

The game’s long-term success is not important. Regardless of its longevity, it is important to remind employees of security measures they should take today to avoid compromising corporate assets and information. The nature of the game’s augmented reality means employees could reveal private company information in the heat of the moment without even realizing it. Here are some security considerations employees should take to protect their employer’s interests:

Turn off AR when in the office

Taking pictures of Pokémon in our world is part of the social component in Pokémon Go. The game integrates the camera in the player’s mobile device as a way to share their Pokémon Go experience with others. Pictures are taken and passed around. Players take shots of rare Pokémon for bragging rights before catching them. More commonly, images are used for memes and amusing photos such as a Pidgey sitting on a coworker’s head.

The problem is with what may be in the background. A picture of Pikachu standing on a desk is fine.  Unfortunately, if there is proprietary information on the desk in the picture, such as an org chart or salary documents, then that information could be inadvertently released. The picture of the unfortunate coworker being terrorized by the Pidgey could capture computer code on the screen behind the coworker. Computer code is proprietary information, and in the worst case scenario could be used for nefarious purposes.

It is in the employee’s and employer’s best interests to turn off augmented reality when in the office. Turning AR off is easy and can be done with a slider at the top right of the Pokémon capture screen. The game client remembers this selection so it will stay off until turned back on.

Remember not to share proprietary information

A big draw of Pokémon Go is the social aspect. The game encourages users to interact by providing congregation points in the form of poke-stops and gyms. It is not uncommon for players to show up at the same locations and strike up a conversation. Some events, such as the recent event in Chicago, are drawing scores of people.

This kind of social activity can be healthy for your workforce. However, players need to remember not to disclose proprietary information in the course of conversation. It is not likely to happen, but it should be called out explicitly to help avoid accidental disclosures.

Don’t stray into off-limits or secured areas

The urge to catch-em-all can be a strong one. Individuals are finding themselves in precarious situations by not paying attention to their surroundings, like two kids who illegally crossed the US-Canada border or requiring signs reminding players not to walk into minefields. In the course of a player’s career, it is highly likely that a particular Pokémon will show up at a place that is off-limits. It is important for players to remember not to go places that are off-limits.

That also applies to secure areas. Bypassing security measures to get that one needed Pokémon is not excusable, no matter how rare the Pokémon. People might become forgetful in the heat of the moment so remind them that traveling through augmented reality requires paying attention to the everyday reality around them.

Don’t log in using your enterprise Google account

Gmail is a popular enterprise application for email. There is a good chance that your company uses it. Google business accounts should be limited to business purposes. Remind employees to use their personal Gmail account, or to create a new account when registering with Pokémon Go. Data collected from an account is subject to the terms and conditions of the game. Those terms and conditions probably conflict with your company’s non-disclosure agreements.

There is also a security risk in linking a corporate account to the game. If hackers break into the application client or the game servers, then the user’s Google account is vulnerable. It is best to make sure the hackers don’t get access to proprietary information in your Google account by not using it.

Conclusion

Pokémon Go is an excellent way to encourage exercise and social interaction which are good for workers’ welfare. The games popularity is unlikely to wane in the short term as more and more countries come online. There is nothing wrong with employees enjoying the game. However, DevOps should help protect companies and their staff by reminding them of these important concerns.


Start capturing and analyzing all of your log data today with a free Logentries account.

Tagged with: , , ,
Posted in DevOps, Security

Leave a Reply