Tips to reduce mobile device geolocation risk

By SMBWorld Asia Editors | Nov 17, 2011

0 comments

 

 

 

Digg

 Email

Print

With location-based applications such as Facebook, LINE, Groupon and Google Maps becoming increasingly popular on mobile devices, the risk and benefits of geolocation are being hotly debated. A new guide from the global nonprofit IT association ISACA advises enterprises to take the initiative now to protect the information they provide, collect and use.

Geolocation uses data acquired from a computer or mobile device to identify a physical location. Applications using this technology offer consumers greater convenience, discounted prices and easy information sharing, and enable enterprises to deliver more personalized customer service and offers.

But as geolocation services become more prevalent, the need for data management and enterprise controls increases significantly.

Available as a complimentary download from ISACA, “Geolocation: Risk, Issues and Strategies,” points out that malicious use of geolocation data can put both an individual and an enterprise at risk. When a person’s personal information, such as gender, race, occupation and financial history, is combined with information from a GPS and geolocation tags, the data can be used by criminals to identify an individual’s present or future location. This raises the potential of threats ranging from burglary and theft to stalking and kidnapping.

“As the number of geolocation users and mobile devices grows, the prospect of individual or enterprise information becoming available to hackers or other unauthorized users is a significant concern,” said Michael Yung, president, ISACA China Hong Kong Chapter.

“According to a survey recently conducted by ISACA, about 50% of the respondents from Hong Kong and China say that their enterprises provide guidance on security issues regarding the use of geolocation services on smartphones and other devices—a higher percentage than in other countries and regions around the world. As such, we can see that Hong Kong and China are ahead of the other regions, in that the significance of security issues regarding geolocation has been recognized.”

Collecting and using geolocation data pose risk to the enterprise, including:

· Privacy:  Geo-tagging is implemented by users, but there may be multiple entities that have access to the data, including the service provider and wireless access points/developers. Users can’t always identify (or aren’t always aware of) the source of, or who owns, their location data.

· Enterprise reputation: When breaches occur or policies have not been communicated clearly to customers, organizations risk negative perceptions of their brand.

· Compromise of sensitive information: The physical location of an enterprise and its remote facilities/equipment can be identified, increasing potential for loss of sensitive information through a variety of attacks.