Is your organization safe from all these connected devices?
These wearable devices represent some appealing opportunities for businesses to increase efficiency and gather data, but in the rush to win market share, security concerns are taking a backseat for many manufacturers and app developers. The potential ramifications of unchecked wearable device usage within the enterprise are alarming.
1. Easy Physical Access to Data
The fact that many wearables store data on the local device without encryption is a real issue. There’s often no PIN or password protection, no biometric security and no user authentication required to access data on a wearable. If it falls into the wrong hands, there’s a risk that sensitive data could be accessed very easily.
2. Ability to Capture Photos, Videos and Audio
The kinds of discreet abilities that many modern wearable devices have in terms of video and audio surveillance surpass high-end spy gear from just a few years ago. It’s easy for someone to surreptitiously take photographs or record video or audio files using something like a smartwatch or smart glasses. Covert capture of confidential information, and videos and images of sensitive areas, is a very real possibility.
3. Insecure Wireless Connectivity
The fact that wearable devices tend to connect to our smartphones or tablets wirelessly using protocols such as Bluetooth, NFC and Wi-Fi creates another potential point of entry. We may have Bluetooth on our smartphones turned on all the time now so they can sync with the wearable, but what else could be connecting? Many of these wireless communications are insufficiently secure to guard against a determined brute-force attack. The first step for securing networks is simply to get visibility on how many connected devices there are. One-third of the organizations surveyed by AT&T recently revealed they have more than 5,000 connected devices.
4. Lack of Encryption
We already mentioned the lack of encryption on many wearable devices, but there are also serious issues with data in transit when it’s being synced and with data being stored on manufacturer’s or service provider’s cloud servers. Some third-party apps neglect basic security standards and send or store information that’s not encrypted. The kind of data that’s automatically being collected by wearables is very valuable to the right people.
5. No Regulation or Compliance
Because many of the security issues around wearables really have to be addressed by the manufacturers, the issue of whether they’ll self-regulate or be bound by government regulations is an important one. In either case, companies suffering a data breach that breaks compliance or regulatory requirements for their specific industry will not be able to shift the blame onto wearables. They’ll still be held fully accountable. Ignorance of wearable device security and manufacturer or third-party app policy is no defense.
6. Patching and Vulnerabilities
Many wearables run their own operating system and applications. As wearable devices become more common, they’ll also become bigger targets for hackers. The same principles that apply to keeping the software on your desktops, laptops, smartphones and tablets fully patched and up to date to avoid the latest vulnerabilities also apply to wearables. But there’s a lack of insight and policy to cater for this issue right now.
7. Current MDM Policies Don’t Cover Wearables
We can’t assume that MDM (mobile device management) systems developed to deal with the BYOD trend can also cater to this influx of wearables. For the sake of convenience, mobile platforms generally make it easy to share data between apps and devices. Because wearables work differently from smartphones, there are many unforeseen circumstances where they pose new security risks. Banning or restricting features is not a sound long-term strategy, so companies need to rethink policies, draft new plans and employ new services to deal with mobile device management.
The security challenge with wearable devices is by no means insurmountable, and the wearable trend will undoubtedly be a real boon for many industries, but it’s important that the enterprise starts to treat it more seriously. Cisco predicts there will be more than 600 million wearable devices in use by 2020.
We need a plan to make sure they’re safe and secure.
This article was recently published in Network World.
Image courtesy of Cutcaster.