The Apple Watch, the Moto 360, the Samsung Gear. Whether you have a fixed BYOD policy or not, these wearable technologies are already communicating through your corporate network on a daily basis, working seamlessly to collect and deliver data to employees on the move.
As a matter of fact, IDC predicts that by 2019, more than 89 million smart wearable units (including smart glasses, hearables, and fitness and health trackers) will ship worldwide. That’s more than double the 2015 estimate of 33 million.
What started out as fun consumer devices are also now offering a vast number of applications targeting enterprise users. Newly designed apps are permeating corporate networks with employees benefiting from popular features such as “at a glance” email and messaging. Unfortunately, these technologies of convenience, which can have a very positive impact on productivity, have significant implications for network security.
To the IT professional, these smart devices carry the potential to wreak havoc on data security. Built more for mobility than security, smart watches and the apps they host are a highly exploitable proposition for hackers. It’s certainly not hard to see how corporate secrets could be at risk with so many devices readily able to siphon off data courtesy of slapdash application development.
Wearables are hyper-connected devices and often have Bluetooth, Wi-Fi and in some cases even direct cellular connectivity. Applications from the paired smartphone are automatically loaded on to the wearable. This means that when a wearable is used in the enterprise and associated with corporate applications, a single wearable vulnerability could snowball into something far worse. For example, imagine inadvertently leaking your sales pipeline and customer information.
Unfortunately, it’s hard to prevent employees from bringing wearable technology into the workplace, short of disabling Bluetooth and Wi-Fi on smartphones, which is not likely to happen. Wearables are a growing trend, and the business case for them in the work environment is still being debated. Corporate IT already has the tools needed to prevent jail-broken smartphones from connecting to the network (Enterprise Mobility Management), but those measures fall short of protecting the new class of smart wearable devices.
How can you reduce your corporation’s security risk associated with wearables? Here are some initial steps:
- Write a corporate policy around the acceptable use of wearable technologies within the enterprise and make this a well-known practice that employees can understand and follow.
- Require non-trivial passcodes (no 1234 or 1111, etc.) on wearable devices linked to corporate data.
- Ensure that lost or stolen devices are reported immediately.
- Educate users on recognising and reporting spear phishing attacks that may be focused on wearable devices.
Wearable devices are a big part of everyone’s future. As the technology continues to evolve and eventually grabs hold in the enterprise, it will revolutionise high value information sharing across most industries. What seems like a harmless watch or pair of glasses today could be a significant security nightmare tomorrow. Where there is easy access to valuable information, you’ll find motivation for hackers and cyber criminals.
About Andrew Young
Andrew Young is VP of Product Management at WatchGuard. He has more than 20 years of experience bringing security hardware and software products and SaaS services to market, including more than 10 years of progressive product management expertise. He most recently served as senior vice president of Identity Protection at Gemalto, managing the Enterprise, eBanking and Trusted Identity segments. Prior to that, Young spent 11 years with SafeNet in a variety of senior product management roles for IPsec and SSL VPN, high-speed encryption, and Identity and Authentication. Before that, he managed engineering teams at Rainbow Technologies, a leader in enterprise security products. Andrew studied Mechanical Engineering at California Polytechnic University in San Luis Obispo.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.