How Pokémon Go could be putting corporate data at risk
The privacy implications of the Pokémon Go craze have already had plenty of publicity, but according to a report from cloud security specialist CloudLock employees are granting access to corporate environments, despite these warnings, and are potentially opening backdoors to their organization's most sensitive databases via the app.
CloudLock analyzed more than 900 corporate environments and found that 44 percent of all organizations have employees who have granted access to Pokémon Go using their corporate credentials.
The risks of this are already well documented, the app can view, edit, collect or delete anything related to the user’s Google account, send emails, analyze navigation history, and access the user’s data through programmatic API access, as well as collecting personal data alongside geotagging functionality and camera access.
Among other findings are that on average, 5.8 percent of an organization's employees have installed Pokémon Go. Only 12 percent of affected institutions have banned the app and education, media and technology industries are the ones seeing the greatest impact. The study found a K-12 institution, a university and a retailer with 4,468; 2,238 and 2,011 Pokémon Go users, respectively.
Of course Pokémon Go isn't unique in presenting this type of risk. In its previous report CloudLock identified over 150,000 unique apps connecting to corporate cloud environments, a number that increased by 30x in the last two years alone. It also found that 27 percent of connected third party apps are of high or very high risk and they need immediate attention from corporate security teams.
You can find out more about the risks all of this presents to enterprises in CloudLock's ebook which can be downloaded from the company's website.