Why hackable wearables are a growing concern

(c)iStock.com/maxkabakov

With the release of the Apple Watch, wearable smart devices are rapidly becoming this year's hot technology accessory, but security experts warn that the data they collect is a gold mine for hackers. More than 420,000 wearable devices were sold in 2014 and the Consumer Electronics Association is predicting a 61% increase in wearables sold this year.

Since wearable devices are not just an after-hours accessory, the anticipated increased influx of wearable devices into the enterprise is a growing concern for IT security.

Here are three areas of security concern for wear your own device (WYOD) in the enterprise:

  • Many wearable devices don't come with built in security options such as PIN protection or fingerprint scanners, meaning that if a device is lost or misplaced anyone can potentially access information via the device. Wearable devices may have the ability to store data locally on the device and without encryption, pin protection or user authentication features this data can be accessed by anyone.  
  • Wearable devices can allow users to easily and discreetly capture video and audio creating potential privacy and data security risks for enterprise use. 
  • Bluetooth and Wi-Fi communication between wearable devices and paired smartphones has been identified as an area of vulnerability. Recently, security firm BitDefender demonstrated that the Bluetooth communication between Android devices and smartphones could be deciphered using brute force attacks.

How can you mitigate the security risks of WYOD? 

Employee education and WYOD policy

Given that most wearable devices that are worn into work today are personally owned, the first line of defense for WYOD security is employee education and development of internal policies. To start, organisations should conduct a comprehensive assessment of both personal privacy and business data risks associated with use of wearable devices by employees.

Based on this assessment organisations should begin building out an acceptable use policy for WYOD, which coordinates with the security protocols of the BYOD program. If there is already a strong BYOD program in place then addressing wearable device security will be, for the most part, an extension of the existing BYOD program. However, for enterprises who have yet to fully establish a BYOD plan, now might be a good time to address the security concerns associated with the wide range of devices employees are now using to access enterprise information.

Protecting enterprise content

From a technical perspective, IT and security teams need to ensure that employees have approved apps for securely accessing and sharing content on all the types of devices they use to do their work including laptops, smartphones, tablets, desktops and wearables.

Access to enterprise content should only be allowed via approved apps that include the following security features. These apps need to include user authentication to ensure that only authorised personnel are accessing corporate data, and that business information isn’t mixed with personal data.

These apps need to include a secure content container so that any sensitive corporate information that is stored locally on a device is stored in an encrypted container. If the device is lost or stolen it should be possible to remotely wipe the content from this secure container. 

Now is the time for enterprise organisations to begin addressing the security concerns posed by WYOD. Organisations that invest the time now to properly consider the use of wearable devices in the enterprise will mitigate data security risks, and foster happy, productive employees.  

 

https://www.iottechexpo.com/northamerica/wp-content/uploads/2018/09/all-events-dark-text.pngInterested in hearing industry leaders discuss subjects like this and sharing their use-cases? Attend the co-located IoT Tech Expo, Blockchain Expo, AI & Big Data Expo and Cyber Security & Cloud Expo World Series with upcoming events in Silicon Valley, London and Amsterdam and explore the future of enterprise technology.

Leave a comment

Alternatively

This will only be used to quickly provide signup information and will not allow us to post to your account or appear on your timeline.