It’s a fair bet that one of your employees has already shown off a trendy new wearable gadget around the office. What began with Bluetooth earpieces would branch off into smartwatches, smart glasses, wrist-worn fitness trackers, and even smart clothing (including a smart bra!) Research firm Gartner forecasts sales of over 274 million wearable technology products in 2016—soaring past 322 million by 2017.
New Technology = New Targets for Hackers
For better or worse, wearable devices are on their way to becoming part of everyday life—including the workplace. But while manufacturers race to pack every new gadget with interesting bells and whistles, hackers and cyber-crooks are looking for emerging security weaknesses to exploit.
What are the potential security risks with wearable devices?
No Password Protection. Many wearable devices on the market—including high-end fitness trackers with email and social media connectivity—access external networks and store data without the password/PIN protection, biometric authorization, or other user authentication we’ve come to expect on smartphones. If the device is physically lost or stolen, that data is virtually exposed to anyone.
Unencrypted Data. A lack of standard encryption is also an issue for many wearables—either unencrypted files stored locally on the device or unsecured wireless connections when synced with smartphones or other host devices (Bluetooth encryption is avoided as it often causes additional battery drain).
A Spy’s Dream? James Bond (circa the “Goldfinger” era) probably would have loved the miniaturized functions of a modern smartwatch—in particular its ability to record still images, video, and audio. But if that device is hijacked by a malicious hacker, it may become a mobile portal for industrial espionage, either stealing recordings or eavesdropping in real time.
But That’s Not All… If the above reasons weren’t enough to be wary of the influx of wearable devices, a 2015 study released by the University of Illinois revealed that monitoring the electronic motion sensors on a Samsung Gear smartwatch could determine words typed on a keyboard! Think about that before you write your next confidential email or memo.
Where Do Wearables Fit In to Your BYOD Policy?
While wearables are increasingly common on and off the job, they represent an undefined grey area for business IT security. Many operate on their own platforms and aren’t compatible with most MDM solutions designed to regulate smartphones and laptops. Permissible onsite use of wearable devices will need to be incorporated into your company’s formal BYOD policy, which we’ve recommended that our customers define in writing.
Are your employees’ wearable devices a potential “weakest link” in your security chain? For ideas and solutions, talk to us.