If you hear employees talking about spending their stardust and candies, chances are they’re caught up in the latest pop culture fixation: Pokémon Go.
The mobile phone game sensation has fans roaming the country with their handhelds out to capture the “Pocket Monsters” scattered virtually throughout the real world.
The kid in me chuckles at this innovative use of augmented reality (AR) technology. But my cyber risk side looks at AR and sees potential issues involving malware, privacy, data disclosure, and employee safety.
|Real-world risks
Computer and online games become instant targets for malware, through such things as fake and cracked versions in app stores. This could allow hackers to gain control over a phone and thus a wealth of data about its user. For companies with bring your own device (BYOD) programs, enterprise email accounts and other data could be exposed.
Of course, BYOD risks are not limited to Pokémon Go. For example, sensitive information can be exposed through employees’ social media postings and other activities. But apps that are addictive and seemingly innocent can blind users to the risks of downloading.
AR technology combines elements of the digital and physical worlds into a single view, allowing data, text, or images to be superimposed on a live video feed. In Pokémon Go, AR allows for the game map to align with a real-world map and players to find and even photograph their monsters in physical locations.
And there are other risks. What if a Pokémon is located inside your company’s office? If a user shares a photo or screenshot of such a location, it poses a risk of inadvertent loss of sensitive company or customer information. And there are issues around invasion of privacy for people/places that don’t want to be involved in the game.
|Managing risk
As surely as Pikachu evolve into Raichu, technology like AR will morph and bring new risks. Businesses may try to block or limit employees’ access to AR and similar technology, but that may only provide temporary relief before the next threat emerges.
So as with all cyber risks, when it comes to Pokémon Go, organizations should make sure they don’t focus only on prevention. Among the steps to bolster response and recovery, businesses can:
- Educate employees about the risks.
- Conduct regular cyber risk assessments and audits to identify threats and assets at risk.
- Develop and test disaster recovery, business continuity, and incident response plans in conjunction with law enforcement, regulators, and others.
- Purchase cyber insurance to deal with the inevitable risks that slip through the cracks.
AR and other disruptive technologies are here to stay, and promise to benefit companies and consumers. Risk professionals will need to be nimble as they manage the accompanying risks.
Thomas Reagan is the cyber practice leader within Marsh's Financial and Professional Products (FINPRO) Specialty Practice. This article first appeared on Marsh.com and is reprinted here with permission. Visit the Marsh Risk in Context blog for the original post.
Want to continue reading?
Become a Free PropertyCasualty360 Digital Reader
Your access to unlimited PropertyCasualty360 content isn’t changing.
Once you are an ALM digital member, you’ll receive:
- Breaking insurance news and analysis, on-site and via our newsletters and custom alerts
- Weekly Insurance Speak podcast featuring exclusive interviews with industry leaders
- Educational webcasts, white papers, and ebooks from industry thought leaders
- Critical converage of the employee benefits and financial advisory markets on our other ALM sites, BenefitsPRO and ThinkAdvisor
Already have an account? Sign In Now
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.