Security Risks Lurk Behind Corporate Wearables Adoption

Security risks and wearables adoption

Wearables makers were expected to sell 274.6 million devices in 2016, according to a Gartner report. Nearly three quarters of millennials, 71 percent, say their companies should give them wearables like smart watches or smart glasses, shows a PwC survey. Almost half – 49 percent – backed their techno lust by claiming that wearables would boost productivity. Corporate wearables adoption, however, comes at the price of myriad unexplored and unaddressed security risks.

“All I want is easy action…”

Wearables are tiny, making them easy to snatch while left in a gym, for instance. Since they require little authentication, thieves – or virtually anyone else – can then access all the data stored on them at leisure.

BYOD (bring your own device) policies – where in place – rarely address the new challenges posed by wearables. Most mobile device management systems are still untested in scenarios where corporate wearables feature widely in company networks.

Most, if not all, wearables are connected. They synchronise data with cloud based services or corporate servers. Most of these data are unencrypted. Companies cannot enforce encryption, since these are third party apps. Their embedded software is beyond the reach of a corporation customising its software or making it more secure. This invokes a classic man-in-the-middle attack scenario in which data in transit is totally exposed.

“I spy with my little eye…”

A good many wearables can transmit video, audio, and data. This makes them perfect for spying. Indeed, not a few corporate wearables sell precisely because of their crypto-spying capabilities, like tracking employee location, monitoring driving safety to cut corporate car insurance bills, or even observing employee moods.

Over-monitored employees can turn the tables on their employers, however, by recording images or sound during sensitive corporate meetings. (What is more, some of them could do so entirely unintentionally.) Checking every wearable for activated spying capabilities is an uphill task even for multinationals.

An active wearable usually links to smartphones or tablets through protocols like Bluetooth, NFC, or Wi-Fi/wLAN. Bluetooth, for one, is quite prone to hacking, jeopardising corporate wearables connected or communicating with other devices via Bluetooth. An unsecured Bluetooth connection can be snooped from up to 100 feet, making it easy for a penetrator to hide. The same applies to unsecured Wi-Fi networks inside or outside the office.

Fragmentation versus standardization

Highly fragmented as the wearables industry is, it might find it worthwhile to invest into basic compatibility and communications security standards. It should easily afford to do so, with a 2016 turnover expected to be an impressive $28.7 billion. Indeed, some months ago UL (formerly Underwriters Laboratories) announced it was looking to certify wearables for security and privacy. The move addresses individual privacy, however, leaving corporate concerns unattended.

Many manufacturers install proprietary software and operating systems into their wearables. They often do not support secure third party apps, yet allow unsecured apps to run on their devices. Patching and securing a wearable largely depends on its maker’s goodwill and dedication to improving device software continuously.

Since 37 percent of employees expect their companies to roll-over older technology for the latest, transiting to newer and more secure corporate wearables should be easy.

Enlightened self-interest

Companies can further motivate corporate wearable users into accepting secure new devices by highlighting the risk to their most intimate personal and domestic security. While it is very chic to sport the latest wearable, some devices will soon be able to communicate with the Internet of Things and control home appliances and security. Should unsecured devices be hacked, the consequences are potentially hair-raising.

Corporate wearables adoption is burgeoning and backed by a rapidly growing number of employees. Businesses, however, should be very wary of just what they offer their employees in the way of wearables while the security aspects remain unaddressed.

By Kiril Kirilov

Episode 2: Coronavirus Phishing Emails and Work-from-Home Meetings

Coronavirus Phishing Emails What to watch out for as scammers exploit pandemic panic, and tips ...

Episode 3: The Bottomless Cloud – An Interview with David Friend of Wasabi

Why data is not “the new oil” and why “cloud” means more than we think ...

Episode 5: How the Pandemic is Changing Business and the Cloud

An Interview with Ed Dryer of Steadfast With the global pandemic wreaking havoc on business ...
Back G Cloud

Five Reasons Why There’s A Digital Stampede To The Cloud

The Digital Stampede As the transfer of digital assets to the cloud gathers momentum, we examine the fundamental reasons why it’s happening Many organizations have ...
Johan

Why the digital infrastructure is a matter of national interest!

Digital Infrastructure National Interest When the Internet was born, it promised a form of democracy and guarantee that everybody could be part and setup their ...
David Gevorkian

How to Apply Website Accessibility in UX and How to Achieve Better User Experience

Design Tweaks: Apply Website Accessibility in UX In this current digital age, websites have become more complex because of the introduction of various aesthetic designs ...
Kokumai

Identity Assurance – Sufficient and Necessary Conditions

Identity Assurance It is not easy to define the 'sufficient condition' for describing a set of processes used to establish that a natural person is ...
David Discenza

Four Ways to Improve Cybersecurity and Ensure Business Continuity

Four Ways to Improve Cybersecurity Cyber-attacks on businesses have become common place. In fact, it’s estimated that a cyber-attack occurs every 39 seconds. Who are ...
Mary

Leveraging Carrier Ethernet For A Better Connection

Leveraging Carrier Ethernet Determining the Best Cloud Connectivity Solution With the Cloud only being as good as employees’ ability to effectively access it, the overall ...
Ian Hayes

EasyShip – Shipping and delivering across the cloud

The Shipping Industry  Article branded by Easyship Shipping and delivering across the world is as hectic as it sounds, and it can get really chaotic ...
David Friend

Cloud 2.0 will not be Ushered in by AWS or other Cloud Giants

Cloud 2.0 Trends Amazon, Google, and Microsoft are all pursuing similar business strategies: they want it all. ‘It,’ in this case, means the entire IT ...
Brad Thies

SOC Reporting Requirements You Need to Know in a Cloud Environment

SOC Reporting Requirements Security lapses in some of the world's biggest companies continue to appear in news headlines, and information security is top of mind ...
Kaylamatthews

New Security Regulation – Cybersecurity Maturity Model Certification (CMMC)

Cybersecurity Maturity Model Certification Changes are on the horizon for the Department of Defense (DoD) and its contractors. Late last year, the DoD announced the ...