Businesses Need to Implement Strict Security Measures alongside Wearables

The Apple Watch release in April was refreshing. As Google Glass and other “revolutionary” pieces of personal technology continue to come up short and experience developmental delays, it was nice to see Apple launch the first mass-market smart watch. However, along with innovative technology comes potential concerns. How will wearables in the workplace affect security?

Risks of Wearables in the Workplace
The biggest potential issue associated with wearables is that they are personal. They can go anywhere, with anyone, and contain large amounts of personal data. Many wearables continuously run and never stop gathering data and information—which makes them extremely valuable to the user, but also enticing to hackers and cybercriminals.

That is why businesses have to be smart with how they approach wearables in the workplace. Until wearables become more mainstream and commonplace in business, sophisticated security solutions likely will not exist. That means it is up to individual businesses and their employees to develop smart practices to avoid the following potential risks:

• Data leaks—Perhaps the biggest risk is that smart devices (wearables included) store so much data. Just as hackers target smartphones, they will also go after wearables to access proprietary data and sensitive information. The problem for businesses is that every new device creates a unique entry point—making the risk of compromised data that much greater.
• Violations of privacy—From an employee perspective, it is possible that data leaks coming from wearables could lead to personally identifiable information (PII) identity theft. According to the National Institute of Standards and Technology, this is “any information about an individual maintained by an agency.” Under that definition, private information refers to (1) anything that can be used to identify or distinguish a person’s identity (name, address, social security number, etc.) or (2) any information that can be linked to an individual (educational background, financial information, employment history, medical records, etc.). Because wearables gather so much personal data, a leak could result in serious PII identity theft.
• Network security—As mentioned, for every new device, there is a new network entry point. For large corporations and enterprises, it will be virtually impossible to train employees for every situation. Even one oversight by a single employee could be enough to compromise network security.

Top Ways to Secure Wearables
So, how can businesses and employees band together to make wearables more secure in the workplace? It will take a major effort on the part of everyone and certainly will not be a minor undertaking. However, with the following tips, businesses should be able to get started in the right direction.

• Additional layers of security—Security layers will be extremely important for wearables. This requires an effort from everyone—including app developers, hardware manufacturers and network administrators. By creating three layers of security—one on the physical device itself, one for each individual app and one on the device network—the risk of data leakage can be mitigated. Within each of these security layers there are various security options, including passwords, access control, biometric entry and more.
• Data classification—On top of multiple security layers, companies should be cautious with the access they grant to employees. There should be specific classification levels and only employees that need certain data should have access. Systems can be programmed to only grant access to devices based on pre-established clearance levels.
• Staying up-to-date—Businesses that choose to incorporate wearables into the workplace need to cautiously follow developing laws and regulations. Because wearables are so new, the rules surrounding them are constantly changing. Businesses must be careful with what information they collect and what data they protect. Otherwise, companies could find themselves in legal trouble down the road.
• Educating employees on rules—Furthermore, businesses need to carefully relay information to employees. As is the case with any BYOD policy, employees need to know what information they can and cannot access via the device, whether certain apps are allowed to be downloaded, and when and where the device can be powered on.

According to Steven Bjarnason, a senior information systems security analyst for a Virginia-based cybersecurity services firm, “Businesses should already have information and network-security policies in place to cover many of the concerns applicable to wearable technology.” In other words, you cannot allow wearables and then develop a strategy for securing them.

Businesses already need to have answers to the following questions:

• What types of wearable devices can employees wear?
• Can employees purchase their own wearables or will they be company provided?
• Can employees access business documents, data and information on these devices?
• Are employees permitted to mingle personal and business data on the same device?
• What type of information is determined to be personal?

For businesses that choose to allow wearable devices, these and other questions will become extremely important in the months and years to come. Where do you stand?

Larry Alton
Freelance Writer

[ISACA]