Get Your Security Basics Right

With the wild popularity of the augmented reality game Pokemon Go, it isn't just individuals but enterprises that should be mindful of basic security. Prashant Gupta, Head of Solutions for Verizon in India talks about what it is that businesses should do to protect themselves.

Why is Pokemon Go a greater security problem than any other game?
When an app is so popular as is Pokemon, someone will inevitably try to cash in on that popularity. So, a number of fake apps will sprout up and these will compromise the device because they are tampered with and can be used for a hacker's own financial gain. Agreed that there are many apps that have fake counterparts on the Google Play Store, but high popularity increases the risk proportionally.

What is the risk specific to enterprises?
The whole world is talking about the traffic that's is happening with Pokemon Go. But the security challenges that go with it are a big concern as well. The threat is the same, whether to a general individual user or to the enterprise, but the measures needed to be taken would be different for both. As usual, the challenges are on the security and the privacy front. When the game was first launched, it requested much more access to the user's phone than it needed. It could get to the user's email, photos, and more. A patch was later released to fix this, because there was an outcry against it. But if a user picks up a fake app, the risk is huge.

In countries like India, where Pokemon Go has not yet rolled out, users are actually forwarding the apk link to one another for download, rather than getting to the Play Store.
In that case, the risk is even more as someone who has tampered with the app has even more of a vested interest in forwarding a link to the apk. Once downloaded, the compromised app could not only steal information from the user, but get access to a company network and vital data. In fact, even when software has been deployed to keep personal and private information separate on a device, there is still a security risk in the form of malware or ransomware, which is really on the increase right now. Any app that is being downloaded so widely is easy game for a hacker.

What can a company do to minimise the risk of a security breach from popular apps like Pokemon?
The first thing they must do is have an MDM or Mobile Device Management application in place from which they can control which apps can be downloaded to devices and their use. If they have a BYOD policy, they should have an enterprise-wide management in place.
If they do not have an MDM, the second line of defence is to make sure their network is hardened. If, for example, there is a guest network for visitors, they need to make sure this is properly segregated from the enterprise network and they should have the right tools in place to see what traffic is being generated from devices in the area. They should be able to spot any unusual activity.

(Disclaimer: Verizon has just launched VNS or Virtual Network Services, to transition enterprises to a virtual infrastructure model)