Tuesday, February 28, 2012

What may geolocational services mean for your organisation's security?

The US Army has released a very interesting - and frightening - presentation looking at the risks of geolocational services on smartphones and some social media services in relation to national security.


Essentially it raises (and addresses) the issues of what can happen when people share photos or content tagged with their physical location (whether they realise they are sharing or not).

If someone knows where you live and work and has insights into your schedule, activities and home life there are risks that some of this information may be used against you, or your employer, for political or commercial gain.


I have embedded the presentation below, but wanted to flag that the risks - and mitigations - highlighted are not limited to armed forces.

They apply to anyone with a secure or sensitive role, who accesses commercially or politically important information, or who may be at risk of blackmail - which covers a LOT of people, both in the public and private sectors.

The recommendations from the US Army are to be alert, not alarmed, and to take appropriate steps to understand the devices and services that you use, ensuring that the only information you share is what you are choosing to share.
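One way to check what a photo would share before it is posted, as an added example that is not from the US Army presentation or this post: JPEG geotags are stored in the EXIF GPS directory, and the sketch below reports whether one is present. The function names are hypothetical and the sample image is constructed inline.

```python
import struct

GPS_IFD_TAG = 0x8825  # IFD0 entry whose value is the offset of the GPS directory

def exif_tiff(jpeg: bytes):
    """Return the TIFF payload of the first EXIF APP1 segment, or None."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG")
    pos = 2
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF:
        marker = jpeg[pos + 1]
        if marker in (0xDA, 0xD9):  # image data / end of image: no more metadata
            break
        (seglen,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        body = jpeg[pos + 4:pos + 2 + seglen]
        if marker == 0xE1 and body[:6] == b"Exif\x00\x00":
            return body[6:]
        pos += 2 + seglen
    return None

def gps_entry_count(jpeg: bytes) -> int:
    """Entries in the EXIF GPS directory; 0 means no geotag was found."""
    tiff = exif_tiff(jpeg)
    if tiff is None:
        return 0
    if tiff[:2] not in (b"II", b"MM"):
        raise ValueError("malformed EXIF")
    e = "<" if tiff[:2] == b"II" else ">"  # byte order declared by the file
    try:
        (ifd0,) = struct.unpack(e + "I", tiff[4:8])
        (n,) = struct.unpack(e + "H", tiff[ifd0:ifd0 + 2])
        for i in range(n):
            off = ifd0 + 2 + 12 * i
            tag, _, _, value = struct.unpack(e + "HHII", tiff[off:off + 12])
            if tag == GPS_IFD_TAG:
                return struct.unpack(e + "H", tiff[value:value + 2])[0]
    except struct.error:  # truncated data: fail closed rather than report "clean"
        raise ValueError("malformed EXIF") from None
    return 0

def sample_jpeg(with_gps: bool) -> bytes:
    """Constructed input: SOI + one EXIF segment + EOI, no pixel data."""
    if with_gps:  # IFD0 points at a GPS directory holding GPSLatitudeRef = "S"
        ifds = struct.pack("<HHHIII", 1, GPS_IFD_TAG, 4, 1, 26, 0)
        ifds += struct.pack("<HHHI4sI", 1, 0x0001, 2, 2, b"S\x00\x00\x00", 0)
    else:         # IFD0 holds only Orientation = 1
        ifds = struct.pack("<HHHIII", 1, 0x0112, 3, 1, 1, 0)
    body = b"Exif\x00\x00II" + struct.pack("<HI", 42, 8) + ifds
    app1 = b"\xff\xe1" + struct.pack(">H", len(body) + 2) + body
    return b"\xff\xd8" + app1 + b"\xff\xd9"
```

A result of 0 only means no EXIF geotag was found in the file; it says nothing about location information added separately by the service the photo is uploaded to.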

This, of course, doesn't even touch on the risks of facial recognition (for identifying undercover police officers or simply identifying staff for a particular agency) or of location recognition - recognising the location of a photo which has no geotagged information from other publicly available photos that do.

We are moving into a time where, even without widespread CCTV, it is becoming possible to track people's movements and activities through facial recognition in publicly available photos, with time and location (geotag) data providing a picture of what they do, when and with whom.

Does your organisation have a high-level officer tasked with monitoring and understanding these types of risks, educating staff (at all levels) about them and providing advice on mitigating them?

Does your organisation have a policy on taking photos at the office, in your carpark or at office functions?

Does it advise you of the risks you might be taking when you become the public Foursquare 'Mayor' or equivalent of your local coffee shop - publicly highlighting the times and places you'll be and, potentially, your office's location (if secure) and what you look like?

Have you advised or educated your organisation on risks they are unaware of?

Frankly I think that these risks - real risks - with digital and social media services often get neglected through lack of awareness and understanding. Often executives focus on popularised fears and myths reported in the media, which may be less damaging, more easily mitigated or simply not a risk at all, such as staff time wasting via social media, inappropriate behaviour online and negative citizen comments.

What do you think?
