Take Action to Avoid Mobile Device Geolocation Risk

Share  
1  |  2  |  3  |  4  |  5  |  6  |  7  |  8  |  9  |  10  |  11  |  12  |  13
Previous Next

Click through for actions organizations and individuals can take to limit the risk associated with geolocation technology, as identified by ISACA.

Twenty-eight percent of U.S. adults use location-based applications such as Facebook, Groupon and Google Maps on their mobile devices, and that number is expected to grow significantly. But a new ISACA white paper cautions that regulating the use of geolocation data is still in its infancy, so individuals must be aware of the information they are sharing and enterprises must act now to protect themselves and the information they provide, collect and use.

Geolocation uses data acquired from a computer or mobile device to identify a physical location. Applications using this technology offer consumers greater convenience, discounted prices and easy information sharing, and enable enterprises to deliver more personalized customer service and offers. But as geolocation services become more common, the need for data management and enterprise controls increases significantly.

As ISACA’s new white paper, “Geolocation: Risk, Issues and Strategies,” points out, malicious use of geolocation data can put both an individual and an enterprise at risk. When a person’s personal information, such as gender, race, occupation and financial history, is combined with information from a GPS and geolocation tags, the data can be used by criminals to identify an individual’s present or future location. This raises the potential of threats ranging from burglary and theft to stalking and kidnapping.

“As the number of geolocation users grows and the proliferation of mobile devices continues, the prospect of individual or enterprise information becoming available to hackers or other unauthorized users is a significant concern,” said Marios Damianides, CISM, CISA, CA, CPA, past international president of ISACA and partner, Advisory Services, at Ernst & Young. “We need policies that will establish ‘privacy by design’ to instill trust across the enterprise and guard against malicious use of location information.”

Regulators are aware of such concerns and are moving to enact rules regarding how companies can use geolocation data. Current U.S. legislation proposed by Sens. Al Franken (D-Minn) and Richard Blumenthal (D-CT) would restrict whether companies can store individual location data obtained from mobile devices, and a proposed amendment to the Children’s Online Privacy Protection Act (COPPA) from the U.S. Federal Trade Commission addresses the collection of geolocation data from children under age 13.

Collecting and using geolocation data pose risk to the enterprise, including:

  • Privacy:  Geo-tagging is implemented by users, but there may be multiple entities that have access to the data, including the service provider and wireless access points/developers. Users can’t always identify (or aren’t always aware of) the source or owner of their location data.
  • Enterprise reputation: When breaches occur or policies have not been communicated clearly to customers, organizations risk negative perceptions of their brand.
  • Compromise of sensitive information: The physical location of an enterprise and its remote facilities/equipment can be identified, increasing potential for loss of sensitive information through a variety of attacks. 

“We live in a mobile world and geolocation is here to stay. It brings obvious benefits both to individuals and enterprises, but if not managed properly the associated risk will be substantial,” said Ramsés Gallego, member of ISACA’s Guidance and Practices Committee and security strategist and evangelist at Quest Software.  “It directly impacts individuals’ and enterprises’ privacy and confidentiality, and the consequences of poor governance over geolocation can be disastrous.”

 

Related Topics : Unisys, Stimulus Package, Security Breaches, Symantec, Electronic Surveillance

 

More Slideshows

WinMagicHigherEdSecurity0x Data Protection: Five Challenges Facing Today's Educational Institutions

Given the amount of sensitive information colleges and universities store, including student records, coursework and research, it's imperative that they readdress their current security strategies. ...  More >>

DruvaPortrait Data at Risk: Super Scary Facts

These facts aren't for the faint of heart, so leave a light on while you learn about the dangers faced by data in the wild. ...  More >>

SurfWatchCyberCrimeTrends0x Trends in Cyber Crime: A Look at the First Half of 2014

A new report aggregates and standardizes cyber crime data from the first six months of the year into cyber BI that provides some interesting insights. ...  More >>

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.