
ISACA Offers Guidance for Geolocation Usage and Collection

Organization Warns that Poor Governance over Geolocation can be Disastrous

In a recently released white paper, ISACA offers a general overview of the corporate and consumer privacy issues surrounding mobile geolocation services. The organization also offers consumers and employees a simple mnemonic for addressing privacy and safety concerns, aptly named ROUTE.


According to ISACA, geolocation services offer a wealth of benefits to the business world, which has made them popular within the enterprise. For example, location-based data can be used for direct marketing and context-sensitive content delivery, monitoring of criminals, enforcing location-based access restrictions on services, cloud balancing, and fraud detection and prevention.

On the other hand, such data collection raises privacy questions, specifically about business practices around the collection and use of PII (personally identifying information).

“This raises several questions of concern for the user, such as how their location data are being used, with whom the data will be shared, whether there will be onward transfer of the data, and the timeline for data retention and destruction,” the white paper comments.

“The amount and the nature of individual and corporate information available to potential hackers would allow targeted attacks that are difficult to prevent, detect and manage. In addition, each user’s personal information, including race, gender, occupation, and financial history, has significant financial value. Therefore, location information is particularly of high value. Information from a GPS and geolocation tags, in combination with other personal information, can be utilized by criminals to identify an individual’s present or future location…”

Again, while all of the geolocation data collected has tremendous value, the risk that comes with its collection and storage should concern business leaders. This is why ISACA is encouraging organizations to think carefully about their geo-marketing practices, to the point of reviewing their current privacy policies and whether they accurately reflect the collection and use of geolocation data.

“There is a growing consensus that geolocation data should be classified as sensitive due to a number of concerns such as transparency about data collection practices, solicitations made based on geolocation data obtained without the user’s consent and physical safety stemming from the misuse of information that can identify a user’s current (or future) physical location,” ISACA notes.

For example, consider the use of geolocation data in a phishing attack. As the white paper points out, “attacks to an individual’s e-mail or mobile device are targeted and are, therefore, highly effective at soliciting a response acknowledgment from the victim.”

In phishing, all it takes is one person opening an attachment or following a link for the attack to work. ISACA’s point is that geolocation data can help an attacker craft messages that get a target’s attention with accurate and granular information.

Those with concerns, including consumers and employees within an organization, need only remember a single word to protect themselves: ROUTE.

Translated, ROUTE covers the following practices:

Read mobile app agreements to see what information you are sharing.

Only enable geolocation when the benefits outweigh the risk.

Understand that others can track your current and past locations.

Think before posting tagged photos to social media sites.

Embrace the technology, and educate yourself and others.

“We live in a mobile world and geolocation is here to stay. It brings obvious benefits both to individuals and enterprises, but if not managed properly the associated risk will be substantial,” said Ramsés Gallego, a member of ISACA’s Guidance and Practices Committee.

“It directly impacts individuals’ and enterprises’ privacy and confidentiality, and the consequences of poor governance over geolocation can be disastrous.”

The white paper is available here.
