Since Pokémon Go was released two weeks ago, it’s attracted more than 15 million players. No matter where you go, you’re bound to run into (sometimes literally) Pokémon Trainers braving the “wild” by strolling neighborhood streets staring at their phones in an attempt to “Catch ‘Em All.”
If you’re not yet familiar with the “augmented reality” game, here’s how it works: Using mobile phones or tablets, players catch virtual Pokémon and are able to level up as a trainer, visit Pokéstops for items, and fight for control of various “gyms,” which are usually located around landmarks and notable historic locations.
Niantic Labs’ mobile gaming app is a huge success in terms of popularity, but injuries and accidents have been reported because people aren’t watching where they’re going. This is despite the Pokémon Go website’s warning: “For safety’s sake, never play Pokemon Go when you’re on your bike, driving a car, riding a hoverboard or anything else where you should be paying attention.” The first Pokemon Go-related car accident attributed to the game occurred in Auburn, New York on July 13. And two men in their early 20s suffered moderate injuries when, in pursuit of Pokémon, they fell off a cliff near the ocean in Encinitas, California and had to be rescued.
Pokémon Go In The Workplace (Or Do They?)
Employees are playing Pokémon Go in the workplace, according to a recent FORBES poll. Of the 66,159 people who responded to the survey, 69 percent said they play the game at work, and about 1/3 admitted they spend more than an hour doing so. While that may seem like a productivity problem, the survey did reveal some pluses: Half of the respondents said the game helped them bond with coworkers, bosses, and clients; and 80 percent said the game caused them to exercise more.
Not everyone can find the silver lining when it comes to Pokémon Go in the workplace, however, especially the professionals who deal with Information Technology Asset Management (ITAM).
Tasked with keeping phones, tablets, and other devices secure in the workplace, the International Association of IT Asset Managers (IAITAM) has called on corporations to ban the installation and use of Pokémon Go on corporate-owned, business-only phones/tablets (COBO) and “bring your own device” phones/tablets (BYOD) with direct access to sensitive corporate information and accounts.
“Frankly, the truth is that Pokémon Go is a nightmare for companies that want to keep their email and cloud-based information secure,” said IAITAM CEO Dr. Barbara Rembiesa. “Even with the enormous popularity of this gaming app, there are just too many questions and too many risks involved for responsible corporations to allow the game to be used on corporate-owned or BYOD devices. We already have real security concerns and expect them to become much more severe in the coming weeks. The only safe course of action here is to bar Pokémon Go from corporate-owned phones and tablets, as well as employee-owned devices that are used to connect to sensitive corporate information.”
Corporate concerns about Pokémon Go include data breaches, risky knockoff copies, and encouraging bad behavior, according to Rembiesa.
Data Breaches: The original user agreements for Pokémon Go allowed Niantic to access the entire Google profile of the user, including their history, past searches, and anything else associated with their Google Login ID. This has since been corrected, but for COBO devices the result was, by definition, a data breach.
Knockoff Copies: It’s been reported that some versions of the Pokémon Go app available from non-official app stores may include software allowing cyber crooks to remotely control the user’s phone or tablets. Unsophisticated users may not understand that third party app providers should be avoided due to the risks involved. The online security firm Proofpoint already has detected knockoff Android copies of Pokémon Go in the wild containing a remote controlled tool (RAT) called DroidJack.
Bad Behavior: It’s important for employees using COBO devices to stick with approved software and apps. Pokémon Go is considered a “rogue download,” which is any software program downloaded onto a device that circumvents the typical purchasing and installation channels of the organization. Rather than simply banning Pokémon Go, corporations should also use this as an opportunity to encourage employee understanding of the rationale against rogue downloads, particularly the security risks they represent.
The message from IAITAM is clear: Unless you actually work in a Pokémon Go gym, leave your Pokéballs at home.