Security Risks Lurk Behind Corporate Wearables Adoption

Security risks and wearables adoption

Wearables makers were expected to sell 274.6 million devices in 2016, according to a Gartner report. Nearly three quarters of millennials, 71 percent, say their companies should give them wearables like smart watches or smart glasses, shows a PwC survey. Almost half – 49 percent – backed their techno lust by claiming that wearables would boost productivity. Corporate wearables adoption, however, comes at the price of myriad unexplored and unaddressed security risks.

“All I want is easy action…”

Wearables are tiny, making them easy to snatch while left in a gym, for instance. Since they require little authentication, thieves – or virtually anyone else – can then access all the data stored on them at leisure.

BYOD (bring your own device) policies – where in place – rarely address the new challenges posed by wearables. Most mobile device management systems are still untested in scenarios where corporate wearables feature widely in company networks.

Most, if not all, wearables are connected. They synchronise data with cloud based services or corporate servers. Most of these data are unencrypted. Companies cannot enforce encryption, since these are third party apps. Their embedded software is beyond the reach of a corporation customising its software or making it more secure. This invokes a classic man-in-the-middle attack scenario in which data in transit is totally exposed.

“I spy with my little eye…”

A good many wearables can transmit video, audio, and data. This makes them perfect for spying. Indeed, not a few corporate wearables sell precisely because of their crypto-spying capabilities, like tracking employee location, monitoring driving safety to cut corporate car insurance bills, or even observing employee moods.

Over-monitored employees can turn the tables on their employers, however, by recording images or sound during sensitive corporate meetings. (What is more, some of them could do so entirely unintentionally.) Checking every wearable for activated spying capabilities is an uphill task even for multinationals.

An active wearable usually links to smartphones or tablets through protocols like Bluetooth, NFC, or Wi-Fi/wLAN. Bluetooth, for one, is quite prone to hacking, jeopardising corporate wearables connected or communicating with other devices via Bluetooth. An unsecured Bluetooth connection can be snooped from up to 100 feet, making it easy for a penetrator to hide. The same applies to unsecured Wi-Fi networks inside or outside the office.

Fragmentation versus standardization

Highly fragmented as the wearables industry is, it might find it worthwhile to invest into basic compatibility and communications security standards. It should easily afford to do so, with a 2016 turnover expected to be an impressive $28.7 billion. Indeed, some months ago UL (formerly Underwriters Laboratories) announced it was looking to certify wearables for security and privacy. The move addresses individual privacy, however, leaving corporate concerns unattended.

Many manufacturers install proprietary software and operating systems into their wearables. They often do not support secure third party apps, yet allow unsecured apps to run on their devices. Patching and securing a wearable largely depends on its maker’s goodwill and dedication to improving device software continuously.

Since 37 percent of employees expect their companies to roll-over older technology for the latest, transiting to newer and more secure corporate wearables should be easy.

Enlightened self-interest

Companies can further motivate corporate wearable users into accepting secure new devices by highlighting the risk to their most intimate personal and domestic security. While it is very chic to sport the latest wearable, some devices will soon be able to communicate with the Internet of Things and control home appliances and security. Should unsecured devices be hacked, the consequences are potentially hair-raising.

Corporate wearables adoption is burgeoning and backed by a rapidly growing number of employees. Businesses, however, should be very wary of just what they offer their employees in the way of wearables while the security aspects remain unaddressed.

By Kiril Kirilov

Maxim Melamedov
Trouble is Brewing Cloud Paradise - 2023 Will Determine Company's Long-Term Plans for Cloud Use The relationship between developers and the cloud was practically love at first sight. For years, migration to the cloud in ...
Gary Bernstein
The Dangers of Facial Recognition Technology Facial recognition technology has become increasingly prevalent in our daily lives, from unlocking our phones to boarding airplanes. While this technology may seem convenient, its implications go far beyond ...
Frank Suglia
Migrating Microsoft Office 2013 As of April 11, 2023, Microsoft will stop supporting Office 2013. The decision to end support for Office 2013 should come as no surprise. Over the past several years, Microsoft has ...
Tosin Vaithilingam
Navigating Economic Uncertainty: Strategies for IT Leaders and MSPs Lately, it seems that each day brings news of more economic uncertainty. Companies that have been navigating the pandemic for the past two and a half ...
Mark Ardito
OPEX is the new battleground I recently wrote in CloudTweaks about how cloud is forcing CIOs to work more closely with their C-suite colleagues to sell the benefits and its role as a business driver ...
Cybersecurity Bootcamps To Help Build Your Career
Cybersecurity Bootcamps We've discussed the importance of training and the hiring of cybersecurity professionals many times on CloudTweaks over the past 10+ years. Now more than ever as the world enters into a dark era ...
10 Leading Open Source Business Intelligence Tools
Open Source Business Intelligence Tools It’s impossible to take the right business decisions without having insightful information to back up the decision-making process. Open Source Business Intelligence Tools make it easier to have our raw ...
John Peluso
Save Your Organization on Cloud Costs Organizations of all sizes are currently navigating their plans to avoid the recent surge in cyber-attacks and data breaches and preparing for unforeseen setbacks. Building a sensible backup and ...