If you hear employees talking about spending their stardust andcandies, chances are they’re caught up in the latest pop culturefixation: Pokémon Go.

The mobile phone game sensation has fans roaming the countrywith their handhelds out to capture the “Pocket Monsters” scatteredvirtually throughout the real world.

The kid in me chuckles at this innovative use of augmentedreality (AR) technology. But my cyber risk side looks at AR andsees potential issues involving malware, privacy, data disclosure,and employee safety.

Real-world risks

Computer and online games become instant targets for malware,through such things as fake and cracked versions in app stores.This could allow hackers to gain control over a phone and thus awealth of data about its user. For companies with bring your owndevice (BYOD) programs, enterprise email accounts and other datacould be exposed.

Of course, BYOD risks are not limited to Pokémon Go. Forexample, sensitive information can be exposed through employees’social media postings and other activities. But apps that areaddictive and seemingly innocent can blind users to the risks ofdownloading.

AR technology combines elements of the digital and physicalworlds into a single view, allowing data, text, or images to besuperimposed on a live video feed. In Pokémon Go, AR allows for thegame map to align with a real-world map and players to find andeven photograph their monsters in physical locations.

And there are other risks. What if a Pokémon is located insideyour company’s office? If a user shares a photo or screenshot ofsuch a location, it poses a risk of inadvertent loss of sensitivecompany or customer information. And there are issues aroundinvasion of privacy for people/places that don’t want to beinvolved in the game.

Managing risk

As surely as Pikachu evolve into Raichu, technology like AR willmorph and bring new risks. Businesses may try to block or limitemployees’ access to AR and similar technology, but that may onlyprovide temporary relief before the next threatemerges.

So as with all cyber risks, when it comes to Pokémon Go,organizations should make sure they don’t focus only on prevention.Among the steps to bolster response and recovery, businessescan:

• Educate employees about the risks.
• Conduct regular cyber risk assessments and audits to identifythreats and assets at risk.
• Develop and test disaster recovery, business continuity, andincident response plans in conjunction with law enforcement,regulators, and others.
• Purchase cyber insurance to deal with the inevitable risks thatslip through the cracks.

AR and other disruptive technologies are here to stay, andpromise to benefit companies and consumers. Risk professionals willneed to be nimble as they manage the accompanying risks.

Related: Playing Pokémon Go? Here are 3 kinds ofinsurance you need

Thomas Reagan is the cyber practice leaderwithin Marsh's Financial and Professional Products (FINPRO)Specialty Practice. This article first appearedon Marsh.com and is reprinted here with permission. Visit theMarsh Risk in Contextblog for the original post.