Pokémon GO is an online fantasy game that transports the player between the virtual world and the real world through their smartphone. Players search far and wide in the real world to capture as many Pokémon as they can. When you encounter a Pokémon, your smartphone will vibrate to let you know you’re near one. Hurl a Poké Ball to catch more than a hundred species of Pokémon. Pokémon GO takes you to real-world locations such as historical markers in the Hokkaido and Kanto regions of Japan, and public art installations in New York and Paris.
In order to play you need to log in with your Gmail account. Pokémon Go is location-based, so data about you is crucial to the gaming experience. The Pokémon Go app grants full access to all of your personal data.
How much access and risk are we exposing ourselves and our children to? What personal information is Pokémon Go collecting?
Full access to your personal data is problematic. No one should ever have “Full account access” privilege to any of your data. Never expose yourself, your business or your family to unnecessary risk. Most employees and business owners fail to understand the consequences of granting third-party access to their personal data.
Identity theft is now one of life’s certainties, right behind death and taxes. Your personal data is the key to accessing your finances and your health care information; the damage can be devastating both for your business and personally. Well over one billion records containing personally identifiable information are exposed annually (IBM, 2014). Breaches are now commonplace, and it’s not going to get any better. An identity thief only needs a few data points to seize your data. We all need to stop carelessly permitting third-party apps to have full access to our data. We need to start asking why an app is asking for this type of information rather than just hitting accept.
The Ponemon Institute, a leading research firm on privacy, data protection and information security policy, reports that 43% of companies have experienced a data breach in the past year (Ponemon Institute, 2015). Most people don’t know how to qualify or quantify the impact a breach can have. The financial burden could cripple an individual or business, if not shut it down altogether. According to the FBI, hackers employ email phishing campaigns targeting 50,000,000 people at a time. The odds are good that a few individuals will click through a link that acquires an online password, triggering a malware virus that instantly begins collecting names, dates of birth, social security numbers, bank accounts, credit cards and health-related information.
A security breach may have a significant financial impact on a company’s bottom line as well as damage its public reputation. Businesses have a legal obligation to notify state and federal agencies of a data breach. Presently 47 states have 47 different breach notification laws, which include mandated time guidelines as to how soon individuals must be notified that their personally identifiable information (PII) or Patient Health Information has been compromised. There are costly penalties for any business that does not comply with the regulations.
It’s common to hear a business say “we don’t have a cyber exposure” or “why would a hacker want my information?” A data breach doesn’t mean that someone has to hack into your system in order for documents to be leaked out. In fact, 56% of businesses surveyed report that the primary cause of a data breach was careless employee error (Ponemon, June 2016). Take steps today to ensure your firm is prepared. It’s not a matter of if you will be breached, it’s a matter of when. A comprehensive cyber insurance policy offsets most of the first-party legal responsibilities a business has post breach. Currently there is $2 billion in written cyber security insurance premiums; it is estimated that by 2020 the cyber security insurance industry will total over $4 billion.
Take Sensible Precautions
When playing Pokémon GO or downloading any mobile application, verify the authenticity of downloaded applications:
Enable two-factor authentication for sensitive transactions such as mobile banking or conducting financial transactions to provide a higher level of security than traditional passwords. Your mobile device can generate pass codes, or they can be sent via a text message to the phone.
Install anti-malware capability to protect against malicious applications, viruses, spyware and malware-based attacks. Protect against unwanted (spam) voice messages, text messages, and e-mail attachments.
Install a firewall and security updates to protect against unauthorized connections by intercepting both incoming and outgoing connection attempts and blocking or permitting them based on a list of rules.
Remotely disable lost or stolen devices so that your personal data is secure.
To limit your exposure and risk from a breach, make sure you have a comprehensive Privacy and Network Security Policy, also known as a Cyber Liability policy.
Gaming is fun; let’s make sure it is safe for our kids. Grant third-party applications limited access to your data and take precautions to protect your personal data and privacy from the possibility of being hacked.
About Marc Schein
Marc Schein is Executive Director of Commercial Insurance. His risk management experience includes Cyber Security, Auto, Property, Liability, Employment Practices Liability, Errors & Omissions, Group Umbrella and Workers Comp. Marc has Commercial Lines Coverage Specialist (CLCS) and Certified Insurance Counselor (CIC) designations. He also sits on the board of the Ponemon Institute’s RIM Council, a pre-eminent research center dedicated to data protection, privacy and information security. Marc also serves on the Claims & Litigation Management Alliance’s Cyber Committee.