Ask Jack: Why Shouldn't I Use My Work Computer For Online Games?

By Jack McCalmon, The McCalmon Group, Inc.

I don't see what harm it causes for my son to play his games on my work laptop. It's not like I am downloading gaming software...

 

Beyond the idea of keeping a work device for work, there is a legitimate cyber risk when children or adults play online games using work devices. First, minors are not trained on cybersecurity risks and are more susceptible to social engineering schemes. As a result, minors who game are often targeted for malware.

One of the world's most popular games is Roblox. Here is what one cybersecurity company discovered:

Over the past three years, cybersecurity firm Kaspersky has managed to find 34 million Roblox user credentials (logins and passwords) that have been compromised by malware and leaked on the dark web.

Thus, this game is a very profitable target for cybercriminals who use infostealer malware... the number of accounts compromised for the game [that is] popular [with] children continues to increase every year.

Over the past three years, this figure has increased by 231 percent, from around 4,700,000 in 2021 to 15,500,000 by 2023.

In general, the average number of accounts compromised in a combination of 11 other popular random platforms or games (including Twitch, Electronic Arts, Sony PlayStation, and Steam) has increased ... by 112 percent since 2021.

According to Kaspersky researchers, the reason behind the high volume of login credentials related to Roblox is because children are the most vulnerable group, especially against various types of social engineering. https://voi.id/en/technology/370054 (Apr. 01, 2024).

Also, consider that gamers go to chatrooms and interact online with complete strangers who have a built-in "trust" simply because they play the same game. It's easy for one of these strangers to pass a file under the guise that it would give an advantage to a player in a particular game, but instead be malware.

The final takeaway is that games should be isolated to one device unaffiliated with your work. I would even create a separate email account just for games and definitely use a VPN. The last thing you want is a game to create a cybersecurity incident at your place of work.

Jack McCalmon, Leslie Zieren, and Emily Brodzinski are attorneys with more than 50 years combined experience assisting employers in lowering their risk, including answering questions, like the one above, through the McCalmon Group's Best Practices Help Line. The Best Practice Help Line is a service of The McCalmon Group, Inc. Your organization may have access to The Best Practice Help Line or a similar service from another provider at no cost to you or at a discount. For questions about The Best Practice Help Line or what similar services are available to you via this Platform, call 888.712.7667.

If you have a question that you would like Jack McCalmon, Leslie Zieren, or Emily Brodzinski to consider for this column, please submit it to ask@mccalmon.com. Please note that The McCalmon Group cannot guarantee that your question will be answered. Answers are based on generally accepted risk management best practices. They are not, and should not be considered, legal advice. If you need an answer immediately or desire legal advice, please call your local legal counsel.

 

Finally, your opinion is important to us. Please complete the opinion survey:

News

New Fax Number for Best Practice Help Line

The fax line for Best Practice Help Line consultation requests is now 918-712-5965.

LockBit Cybercrime Group Disrupted, For Now

A notorious "Ransomware as a Service" criminal gang was broken up in a multinational law enforcement operation, but the malware remains a threat to be guarded against.

Deepfake Tech Raising The Stakes On Impersonation Scams

The 2023 FTC stats show impersonation scams rising. No longer satisfied with targeting individuals, scammers now target employers, too. We examine.

Ask Jack: Does Language Play A Part In Cybersecurity?

New statistics show a language barrier in cybersecurity exists and may be playing a part in contributing to loss. Jack takes a look.