Security Risks Lurk Behind Corporate Wearables Adoption

Security risks and wearables adoption

Wearables makers were expected to sell 274.6 million devices in 2016, according to a Gartner report. Nearly three quarters of millennials, 71 percent, say their companies should give them wearables like smart watches or smart glasses, shows a PwC survey. Almost half – 49 percent – backed their techno lust by claiming that wearables would boost productivity. Corporate wearables adoption, however, comes at the price of myriad unexplored and unaddressed security risks.

“All I want is easy action…”

Wearables are tiny, making them easy to snatch while left in a gym, for instance. Since they require little authentication, thieves – or virtually anyone else – can then access all the data stored on them at leisure.

BYOD (bring your own device) policies – where in place – rarely address the new challenges posed by wearables. Most mobile device management systems are still untested in scenarios where corporate wearables feature widely in company networks.

Most, if not all, wearables are connected. They synchronise data with cloud based services or corporate servers. Most of these data are unencrypted. Companies cannot enforce encryption, since these are third party apps. Their embedded software is beyond the reach of a corporation customising its software or making it more secure. This invokes a classic man-in-the-middle attack scenario in which data in transit is totally exposed.

“I spy with my little eye…”

A good many wearables can transmit video, audio, and data. This makes them perfect for spying. Indeed, not a few corporate wearables sell precisely because of their crypto-spying capabilities, like tracking employee location, monitoring driving safety to cut corporate car insurance bills, or even observing employee moods.

Over-monitored employees can turn the tables on their employers, however, by recording images or sound during sensitive corporate meetings. (What is more, some of them could do so entirely unintentionally.) Checking every wearable for activated spying capabilities is an uphill task even for multinationals.

An active wearable usually links to smartphones or tablets through protocols like Bluetooth, NFC, or Wi-Fi/wLAN. Bluetooth, for one, is quite prone to hacking, jeopardising corporate wearables connected or communicating with other devices via Bluetooth. An unsecured Bluetooth connection can be snooped from up to 100 feet, making it easy for a penetrator to hide. The same applies to unsecured Wi-Fi networks inside or outside the office.

Fragmentation versus standardization

Highly fragmented as the wearables industry is, it might find it worthwhile to invest into basic compatibility and communications security standards. It should easily afford to do so, with a 2016 turnover expected to be an impressive $28.7 billion. Indeed, some months ago UL (formerly Underwriters Laboratories) announced it was looking to certify wearables for security and privacy. The move addresses individual privacy, however, leaving corporate concerns unattended.

Many manufacturers install proprietary software and operating systems into their wearables. They often do not support secure third party apps, yet allow unsecured apps to run on their devices. Patching and securing a wearable largely depends on its maker’s goodwill and dedication to improving device software continuously.

Since 37 percent of employees expect their companies to roll-over older technology for the latest, transiting to newer and more secure corporate wearables should be easy.

Enlightened self-interest

Companies can further motivate corporate wearable users into accepting secure new devices by highlighting the risk to their most intimate personal and domestic security. While it is very chic to sport the latest wearable, some devices will soon be able to communicate with the Internet of Things and control home appliances and security. Should unsecured devices be hacked, the consequences are potentially hair-raising.

Corporate wearables adoption is burgeoning and backed by a rapidly growing number of employees. Businesses, however, should be very wary of just what they offer their employees in the way of wearables while the security aspects remain unaddressed.

By Kiril Kirilov

Ronald van Loon

Operationalizing AI at Scale with ModelOps

Scaling with ModelOps Putting artificial intelligence (AI) into production can be a frustrating experience for organizations, one often destined for failure. In fact, only 53% of AI projects actually move past POC and into production ...
EV Sales

Growth of Electric Vehicles – Heading In The Right Direction

Growth of Electric Vehicles The global electric vehicle market is projected to reach $802.81 billion by 2027, registering a CAGR of 22.6%.1 The highest revenue contributor was Asia-Pacific, which is estimated to reach $357.81 billion ...
Mark Barrenechea

So are Bad and Stranger Things—the Negative Impact of Technology

Negative Impact of Technology Cyberattacks and information breaches are happening every day, from influencing the outcomes of elections to bringing down businesses to massive data breaches of personal information. In fact, every 39 seconds a ...
Jen Klostermann

Enterprises Starting To Embrace Blockchain-as-a-Service (BaaS)

Blockchain as a Service (BaaS) Many global companies have already implemented Blockchain-as-a-Service (BaaS) into their cloud offerings. There isn't any question that offering BaaS can serve as a differentiator for many companies. Not to mention, ...
Big Data Explosion

Developing Machine Learning-based Approach for Optimizing Virtual Agent (VA) Training

Optimizing Virtual Agent (VA) Training Achieve NLU model’s precision, recall & accuracy up to 78% The success of any Virtual Agent (VA) depends on the training of its Natural Language Understanding (NLU) model prior to ...
Mark Rochester

Why Remote Migrations are Essential for Business Continuity

Remote Business Continuity We are approaching a banner year for the cloud. The COVID-19 pandemic has highlighted the importance of cloud technology to enable resilience and business continuity, and it will be a critical time ...