Mitigating Risk with Wearables in the Workplace

Much has been made of the Internet of Things and the way in which it will transform our lives — for the better, in many cases. Yet the interconnectivity of all these devices and the paths they pave for cyber criminals, hackers, and other threats pose a significant issue for enterprises dealing in secure data.

Nowhere has the IoT become more of a threat to organizations than in the wearable technology market. The industry, which includes fitness activity trackers, smartwatches, and health-monitoring devices, among others, has exploded in recent months. ABI Research estimated that there would be 200 million wearable devices on the market by the end of 2015, and 780 million by the end of 2018.

And a study by PricewaterhouseCoopers showed that 20 percent of all consumers already own at least one wearable, and placed the estimate of new connected devices by 2020 at upwards of 50 billion.

The problem for companies comes with the interconnectivity of these devices, the transfer of data to third-party sources, and the capability to record and store multimedia files, such as audio and video taken at work of potentially sensitive activities and information.

What’s more, companies that provide wearables for their employees or use business apps like Salesforce and Zoho on personal devices could be opening themselves up to a wide array of privacy concerns centered around what they’re collecting from their employees.

While many businesses have a thorough and well-enforced BYOD policy, the Information Security Audit and Control Association showed that 60 percent of businesses believe wearables pose a similar risk to smartphones and laptops — yet 89 percent do not have policies that cover wearable devices.

Here are a few measures you can implement within your own organization to ensure private data stays private, even as technology makes great strides.

Make sure to include verbiage on Wear Your Own Device (WYOD) regulations in your policies. Define acceptable use of devices, especially those with video and audio recording capabilities, and bind employees to following these limitations with a signed, written agreement.
Disable Bluetooth between wearables and enterprise-managed smartphones or tablets, especially in sensitive areas.
Use application blacklists to prevent wearable apps from interacting with company smartphones.

For businesses providing wearables for company use:

Use a wireless intrusion prevention system (WIPS) to monitor for unauthorized connections that could threaten the security of wearables.
Consider authentication such as biometrics, proximity, and geofencing to ensure the person at the other end of the device is the authorized user.
Use secure wearables that encrypt data, include access controls, and continually patch systems with the latest security updates.
Keep an eye on how you’re monitoring employees outside of business hours, and outline the scope of use for business-oriented wearables, making sure employees understand what will and will not be collected.

While the wearable market and the IoT aren’t going anywhere, businesses that take steps now to mitigate risks will find themselves in much less danger of being blindsided by enterprising hackers and other data thieves.

Posted in BAI Security Blog.
