Wearables At Work: 9 Security Steps Worth Taking


Wearables are finding their way into organizations, whether or not IT departments are prepared to deal with them. As the number of endpoints continues to grow, so does the potential for hacks. These nine pointers will help you prepare your organization to keep ahead of threats.

Wearables, like smartphones, laptops, and Macs before them, are finding their way into the enterprise. Healthcare and fitness devices are the most popular options today, followed by smartwatches and smart glasses, according to a recent survey by PricewaterhouseCoopers (PwC) .

Meanwhile, some companies are issuing fitness devices as part of wellness programs to reduce health insurance costs. In some cases, businesses are collecting or monitoring data that was not previously available without the written consent of employees. Regardless of who owns the devices, IT departments, security personnel, and corporate leaders need to be prepared for unanticipated breaches.

"It's fairly easy to listen to these devices because they use unencrypted [Bluetooth Low Energy]. For under $100, somebody could build a device that will listen in on that communication," said Robert Clyde, CISM and board director of IT governance association ISACA, in an interview. "Generally, you have to be 30 feet or closer, but with an amplified antenna you can do this from well over 100 feet away, which means no one would know you're nearby."

[ What is your wearable saying about you? Read Fitbit, Other Fitness Trackers Leak Personal Data: Study. ]

According to Clyde, hacking into an individual's healthcare or fitness device could be valuable from a competitive business standpoint if a person's heart rate were monitored in the context of a business negotiation. Because health monitors are maturing from simple consumer devices to more sophisticated "medical-grade" devices, the risk to individuals could include employment discrimination, blackmail, contract interference, damage to reputation, and privacy invasion, among other things. From a corporate standpoint, the new streams of data – and how they're dealt with in transit and at rest -- may raise red flags with HIPPA, ADA, or other regulations that require strict compliance.

In short, the scope of attacks, and their potential fallout, have not been completely contemplated, nor has the potential effect wearables could have on enterprise security.

"Tracking steps is not very interesting, but if the device is used for access control or identity confirmation, the consequences can be more severe," said PwC Principal Mike Pegler, in an interview. "It's important to think of these as a system. The weakest link of the chain could be the point of entry."

Disney reportedly spent $1 billion on MagicBands for visitors to its Magic Kingdom. Guests can use the bands to unlock their own hotel room doors, authenticate themselves, make purchases, and relay other types of information which Disney can use to personalize visitor experiences (and, presumably, encourage more spending). The same capabilities can be used in business settings to simplify tasks such as authentication and access, as well as to improve efficiency and safety. Whether clothing, visors, wristbands, clothing, or other form factors, the number and types of wearables is predicted to explode. As a result, companies need to contemplate the potential effect on the workplace.

"Anyone wearing or utilizing these devices needs to realize that the information they are inputting, such as personal information, credit card information, and medical information, is susceptible to hacking attacks," said Matti Kon, president and founder of software development company and system integrator InfoTech, in an interview. "Devices built on cloud computing makes them vulnerable to possible data breaches and this information is very valuable to hackers."

Of course, the usual security practices still apply. But, there are always new ways to breach existing systems and exploit new endpoints. To help minimize the fallout of a breach, consider these suggestions.

0 Comment

Leave a Reply

Captcha image


  • 5300c769af79e

    Googler Says Pixel Camera is Getting an Update to Address Lens Flare Issue

    Once the Google Pixel and Pixel XL hit store shelves and starting arriving on the doorsteps of pre-orderees, a number of people reported an odd halo/arc lens flare in some of the early pictures they had taken.Wait, why is it that Droid Life didn’t mention this lens flare in either our camera review or full phone review, you might be wondering?
  • 5300c769af79e

    AT&T Details 5G Plans for 2017, Select Cell Sites Expected to Hit 1Gbps Speeds

    This week, AT&T laid outs its game plan for 5G in 2017, including speeds it expects to see at specific cell sites and upcoming trials with DIRECTV NOW streaming.According to AT&T, the company fully expects to reach theoretical speeds of up to 1Gbps at select cell sites, with three-way carrier aggregation under way in select areas and four-way aggregation coming later this year.
  • 5300c769af79e

    Cloud Computing Profit Requires Trust Of Technology

    But cloud computing promotes greater profitability when corporate leaders trust the technology, according to a Google-sponsored report (PDF) from the Economist Intelligence Unit (EIU).In April, the EIU surveyed 452 senior executives across 10 countries about how their organizations used cloud computing and how they saw cloud technology in terms of security, privacy, reliability, accessibility, scalability, support, cost, and agility.
  • 5300c769af79e

    Facebook to Highlight Articles You Actually Want to Read

    Another day, another Facebook News Feed algorithm change.The social network on Thursday promised to start presenting "more articles you actually want to spend time viewing.