Location-based applications such as Facebook and Google Maps on mobile devices without proper protection can endanger the mobile user’s personal information and make him more susceptible to financial and other crimes. This was revealed in a whitepaper titled “Geolocation: Risk, Issues and Strategies” by ISACA, which studies IT related topics,
“Malicious use of geolocation data can put both an individual and an enterprise at risk. When a person’s personal information, such as gender, race, occupation and financial history, is combined with information from a GPS and geolocation tags, the data can be used by criminals to identify an individual’s present or future location. This raises the potential of threats ranging from burglary and theft to stalking and kidnapping,” according to the whitepaper by ISACA.
Geolocation uses data acquired from a computer or mobile device to identify a physical location. Applications using this technology offer consumers greater convenience, discounted prices and easy information sharing, and enable enterprises to deliver more personalised customer service and offers. But as geolocation services become more common, the need for data management and enterprise controls increases significantly.
Niraj Kapasi, international vice president of ISACA and chairman of the ISACA India Task Force believes “The discussion on geolocation and privacy is dominated worldwide with the risk that it poses to consumers. While that is not out of place, there is a higher risk to organisations which could, inadvertently or for providing a better experience to consumers, be collecting geolocation data of their users. In the absence of clear regulation in India on the use of this information, organisations face significant risks. The whitepaper on geolocation from ISACA comes at a very appropriate time for use by enterprises to mitigate their risks by evaluating the information they are collecting”.
According to the whitepaper, “Geo-tagging is implemented by users, but there may be multiple entities that have access to the data, including the service provider and wireless access points/developers. Users can’t always identify (or aren’t always aware of) the source or owner of their location data. “
It also said that hackers can use sensitive data to malign an enterprise or person.
“We live in a mobile world and geolocation is here to stay. It brings obvious benefits both to individuals and enterprises, but if not managed properly the associated risk will be substantial,” said Ramsés Gallego, member of ISACA’s Guidance and Practices Committee and security strategist and evangelist at Quest Software. “It directly impacts individuals’ and enterprises’ privacy and confidentiality, and the consequences of poor governance over geolocation can be disastrous.”
As a precaution, the whitepaper suggested that users must read mobile app agreements to see what information they are sharing; they must enable geolocation when the benefits outweigh the risk, cautiously post tagged photos to social media sites, embrace technology and be informed.
“There are great consumer advantages of geolocation services, such as photos being tagged with the correct location or assisting you with directions to the location you are traveling to. However, as with all technologies, individuals and enterprises must consider their risk tolerance level,” said Robert Stroud, past international vice president of ISACA and vice president, strategy and innovation, at CA Technologies. “The fundamental issue at play is that many consumers are unaware of the risks. They need to educate themselves in order to make informed decisions.”