Credit: REUTERS/Mark Kauzlarich Pokemon Go represents a tremendous security threat. As with all tremendous threats, it can also be your greatest opportunity.I have to admit that Pokemon Go took me by surprise. I had no idea why people just told me they were going out for no apparent reason. Younger people were more blatant, but it was not until early this week that I realized that it was a phenomenon that was impacting the workplace.People of all ages, including your coworkers, are playing at record rates. Most important, they are bringing the app into the workplace, and using it on cellphones that also access work related information. It is a significant security vulnerability. [ ALSO ON CSO: Experts say Pokémon Go exposes players to security and privacy risks ] That being said, it means that awareness programs are at the front and center to protect corporate assets. At the same time, you can also appear to be the champion for the workers. Security awareness might never be more welcome. Even if people think the app is “stupid”, frequently they have family members or other loved ones playing the game.People hear about malicious apps spoofing the actual Pokemon Go app. They hear about the app tracking them and having access to all of their data. They hear about people being mugged and finding dead bodies. People are excited, but they are concerned. This is your time to shine. All security programs, led by the security awareness team, should immediately create information about the security concerns, and what to do about them.Clearly, there is a focus on mobile device security, but there are also issues concerning privacy, password security, and safety. For this reason, I recommend that you create tip sheets for distribution to all employees. Possible content to include would be:Ensure that you only download the official Pokemon Go appEnsure that your cellphone operating system is up to dateAs the app preferably uses Google accounts for authentication and tracking, consider creating a Google account just for that purposeEnsure that your password is strongReview app permissions, and remove as many permissions as possibleConsider installing anti-malware software on your cellphoneBe aware of the potential for crimeRemain alert. Carelessness will cause more injuries than crimeNever drive while playing the gameMost important, if your organization uses Google apps, clearly state that employees should never use their corporate account for Pokemon Go or any other games.You may want to provide references to additional resources for mobile device management, creating a strong password, and other relevant issues. Providing contact information for the security team would be welcome. In defining the additional resources, consider that many people may want to share the information with their friends and family, so avoid using links and resources that are only available on your intranets. It is a unfortunately extremely likely that some of your employees will eventually compromise information due to downloading malware on their mobile devices. It is guaranteed that the productivity of many employees will be impacted by the game. You can warn people about these issues, but you do not have ultimate control of them. You can however take advantage of the situation, and seem like their protector, and more than their overseer.[ RELATED: How to craft a security awareness program that works ]Personally, I am impressed by the business success of the game. I am also impressed that the gamification success. Pokemon Go would be a considered a huge gamification success for corporate wellness programs given how it encourages people to exercise. A companion article will be published shortly that highlights the true gamification principles used in Pokemon Go, and how it differs than most self-proclaimed gamification programs. From a security perspective, Pokemon Go, itself, is as security nightmare. It is a productivity nightmare. However, you can take advantage of the situation and use it to highlight the importance of practicing good security behaviors. Don’t let a great opportunity go to waste.Ira Winkler, CISSP is president of Secure Mentem and can be contacted at http://www.securementem.com Related content news CISA inks 68 tech vendors to secure-by-design pledge — but will it matter? CISA’s pledge drew some big names, but the impact on software security could be limited. Meanwhile the org has extended its comment period on the CIRCIA cyberattack reporting law. By Jon Gold May 10, 2024 4 mins Regulation Technology Industry Security Practices news Google Chrome gets a patch for actively exploited zero-day vulnerability Details of the use-after-free memory vulnerability were not publicly released, but Google says it’s aware an exploit for the bug exists. By Lucian Constantin May 10, 2024 3 mins Threat and Vulnerability Management Zero-day vulnerability Vulnerabilities news Dell data breach exposes data of 49 million customers The company says the breach compromised non-critical customer data and involved no sensitive personal or financial information. By Shweta Sharma May 10, 2024 3 mins Data Breach Hacking feature Social engineering: Definition, examples, and techniques Social engineering is the art of exploiting human psychology, rather than technical hacking techniques, to gain access to buildings, systems, or data. Train yourself to spot the signs. By Josh Fruhlinger May 10, 2024 15 mins Phishing Social Engineering PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe