Wearables At Work: 9 Security Steps Worth Taking - InformationWeek
07:06 AM
Lisa Morgan

Wearables At Work: 9 Security Steps Worth Taking

Wearables are finding their way into organizations, whether or not IT departments are prepared to deal with them. As the number of endpoints continues to grow, so does the potential for hacks. These nine pointers will help you prepare your organization to keep ahead of threats.

(Image: Unsplash via Pixabay)

Wearables, like smartphones, laptops, and Macs before them, are finding their way into the enterprise. Healthcare and fitness devices are the most popular options today, followed by smartwatches and smart glasses, according to a recent survey by PricewaterhouseCoopers (PwC).

Meanwhile, some companies are issuing fitness devices as part of wellness programs to reduce health insurance costs. In some cases, businesses are collecting or monitoring data that was not previously available without the written consent of employees. Regardless of who owns the devices, IT departments, security personnel, and corporate leaders need to be prepared for unanticipated breaches.

"It's fairly easy to listen to these devices because they use unencrypted [Bluetooth Low Energy]. For under $100, somebody could build a device that will listen in on that communication," said Robert Clyde, CISM and board director of IT governance association ISACA, in an interview. "Generally, you have to be 30 feet or closer, but with an amplified antenna you can do this from well over 100 feet away, which means no one would know you're nearby."

[What is your wearable saying about you? Read Fitbit, Other Fitness Trackers Leak Personal Data: Study.]

According to Clyde, hacking into an individual's healthcare or fitness device could be valuable from a competitive business standpoint if a person's heart rate were monitored in the context of a business negotiation. Because health monitors are maturing from simple consumer devices to more sophisticated "medical-grade" devices, the risk to individuals could include employment discrimination, blackmail, contract interference, damage to reputation, or privacy invasion. From a corporate standpoint, the new streams of data -- and how they're dealt with in transit and at rest -- may raise red flags with HIPAA, ADA, or other regulations that require strict compliance.

In short, the scope of attacks, and their potential fallout, have not been completely contemplated, nor has the potential effect wearables could have on enterprise security.

"Tracking steps is not very interesting, but if the device is used for access control or identity confirmation, the consequences can be more severe," said PwC principal Mike Pegler, in an interview. "It's important to think of these as a system. The weakest link of the chain could be the point of entry."

Disney reportedly spent $1 billion on MagicBands for visitors to its Magic Kingdom. Guests can use the bands to unlock their hotel room doors, authenticate themselves, make purchases, and relay other types of information, which Disney can use to personalize visitor experiences (and, presumably, encourage more spending). The same capabilities can be used in business settings to simplify tasks such as authentication and access, and to improve efficiency and safety. Whether clothing, visors, wristbands, or other form factors, the number and types of wearables are predicted to explode. As a result, companies need to contemplate the potential effect on the workplace.

"Anyone wearing or utilizing these devices needs to realize that the information they are inputting, such as personal information, credit card information, and medical information, is susceptible to hacking attacks," said Matti Kon, president and founder of software development company and system integrator InfoTech, in an interview. "Devices built on cloud computing [are] vulnerable to possible data breaches, and this information is very valuable to hackers."

Of course, the usual security practices still apply. But there are always new ways to breach existing systems and exploit new endpoints. To help minimize the fallout of a breach, consider these suggestions.

Lisa Morgan is a freelance writer who covers big data and BI for InformationWeek. She has contributed articles, reports, and other types of content to various publications and sites ranging from SD Times to the Economist Intelligence Unit. Frequent areas of coverage include ...
