IT Industry Group Calls for Workplace Ban on ‘Pokémon Go’

Cites security threat to company-issued, company-linked mobile devices

WASHINGTON — The association representing information-technology professionals says Pokémon Go has to go, at least when it comes to the security of workplace devices like phones and tablets.

Pokémon Go, the augmented reality game, has become the hottest app in the country and increasingly the globe, but it is a potential IT “nightmare,” says the group. In the game, players wander the real world to catch virtual Pokémon, rise in the game as trainers and try to control gyms located at various designated areas including parks, museums and strip malls.

In a warning issued Monday (July 18), the International Association of IT Asset Managers (IAITAM) advised corporations to ban the use of the app on “corporate-owned, business-only” (COBO) phones/tablets and “bring-your-own-device” (BYOD) phones/tablets with direct access to sensitive corporate information and accounts.

“Frankly, the truth is that Pokémon Go is a nightmare for companies that want to keep their email and cloud-based information secure,” IAITAM CEO Dr. Barbara Rembiesa said. “Even with the enormous popularity of this gaming app, there are just too many questions and too many risks involved for responsible corporations to allow the game to be used on corporate-owned or BYOD devices. We already have real security concerns and expect them to become much more severe in the coming weeks. The only safe course of action here is to bar Pokémon Go from corporate-owned phones and tablets, as well as employee-owned devices that are used to connect to sensitive corporate information.”

Rembiesa said the principal concerns are data breaches and knock-off copies that could mimic the app but prove to be a Trojan horse (make that a “Trojan Ponyta”) for cyber criminals. On the Android app store, according to one veteran player, there are already several knock-off applications that he says are “filled” with malware.

Rembiesa said Pokémon Go has to be considered a “rogue download” in the business environment, which is something that circumvents the normal downloading protocol of an organization. But she also suggests this could be a good Pokémon training moment, as it were.

“[C]orporations should also use this as a learning opportunity to encourage maximum employee understanding of the rationale against rogue downloads, particularly the security risks they represent,” she said.