A smart phone protected by cyber liability insurance
Property Casualty

Pokémon Go: A Potentially Dangerous ‘Fever’ for Businesses

Nick Maletta
Nick Maletta
Client Executive, Property Casualty

Pokémon Go fever is catching on all over the place. Right now, the game is available in many countries, including the U.S., the majority of countries in Europe, and most recently in Canada. So if you’ve seen people walking around with their eyes glued to their phones or caught a glimpse of a swarm of people at a certain location…it’s likely they’re part of the Pokémon Go phenomenon. The problem is that just like any real “fever,” there are potential dangers… this one specifically for businesses.

The issue lies in the data that the Pokémon Go developer, Niantic, is collecting. Like most GPS apps, the game may collect information, such as a user’s email address, username, IP address, location, and even the Web page the game player was using before logging into Pokémon Go. But, it initially didn’t stop there.

It’s reported that for users who opted to log in with a Google account on an iOS device, Niantic (and anyone who has hacked the company) had access to their Google accounts, including reading and sending emails, among other things. Fortunately, Niantic has released a patch to fix that particular issue (though, users need to download the version update for it to work)…but, do you see where I’m going with this?

When it comes down to it, this particular game and, to be quite honest, many other popular apps have a host of potential malware, privacy, property, and liability issues for businesses. And side note: Don’t get me started on the workers’ compensation issues (for example: someone driving a company car, playing a game, and getting into an accident or an employee leaning out a window for better reception and getting hurt). Yikes!

Now for some eye-opening stats. At Holmes Murphy, we offer companies the opportunity to take a Cyber Risk Self-Assessment to gauge how they’re doing with risk management. In this assessment, we ask the following questions:

  • Do you allow employees to access email or other company resources via mobile devices?
  • Do you push a profile to the employee’s device to force a password lock and other security features?

On one of the most recent reports I received, the stats went something like this:

  • 91.2 percent said “Yes,” they do allow employees to access email or other company info through their mobile device.
  • 63.7 percent either answered “No” or “I don’t know” regarding the security features on devices.

Those are some scary statistics. Basically, this means if your business has unencrypted mobile devices, any employee playing Pokémon Go or using other apps on one of those devices could potentially be leaking your company information. It comes as a result of what’s known as “phishing.”

What Can You Do to Protect Employee Mobile Devices?

For starters, ensure any devices your employees use (mobile or otherwise) are encrypted. I’ve also put some key tips below:

  • It’s important to know what type of sensitive data you have and where it’s stored. Recording and storing such data heightens the necessity for proper security practices and cyber liability coverage.
  • Having an encrypted backup tape policy is a low-cost preventive measure that could save your organization millions of dollars. Generally, there’s no cost of remediation or reporting requirement if the information lost was encrypted.
  • A lost or stolen mobile device has the potential to be considered a data breach. If you’re going to allow mobile devices (whether company or employee-owned) to access company data and email, care must be taken to ensure the device is secure.

And if you’re worried, it may be wise to make rules surrounding what types of apps are allowed on devices that have access to your company information or forbid employees from playing games or accessing other apps during work hours or while driving. Having such cybersecurity policies in place are meant to protect you from security issues and the potential liability fallout should an incident happen.

It doesn’t appear Pokémon Go (or apps like it) are “stopping” any time soon. So ensure employees know your rules. And, if you aren’t certain where to start with those policies or if you’re on the right track…comment below or reach out to Holmes Murphy directly! We’re always here to talk through issues, questions, concerns, and help in anyway possible.

Explore more from Holmes Murphy