BYOW is the newest acronym to learn—bring your own wearables. It was only a matter of time until we started talking about wearable technology in the workplace. According to a CNBC article, the wearable technology market is expected to reach $18 billion by 2019. That includes smart watches, eyewear like Google Glass, and fitness trackers. It’s easy to forget about things like fitness trackers because they are so personal and not something the average person would use for work, but how many employees are wearing their fitness tracker to work and letting it download data via the company network. Once they do that, it becomes an IT and security concern.
Mike Elgan wrote in a Baseline article:
Looking at it that way, BYOW screams security threat, doesn’t it?
The CNBC article adds another security concern with wearables—they are a cybercriminal magnet:
While the tiny screen, processor and memory means that not much data will be on the device, the data will typically be the most important bit. It might not have all your emails, but it will have the subject lines and senders' names. It might not have your entire calendar but it will tell a hacker who you met recently, along with where and when. It might not have your company's entire sales pipeline but it could have alerts for where you are relative to the quarter's targets.
To make matters worse, security isn’t built in to many of these wearable devices. For instance, when that fitness tracker is sending an update about your steps to your friends and to a website, chances are that information isn’t encrypted. So what’s the big deal, it’s just steps, right? Yes, but now a hacker also knows where you took those steps, when you took those steps, and other personal details about you. It may have used a wireless connection that wasn’t secure, as well. Eventually, that data can become the hook needed to glean more information about you or from the network.
Well then, what about wearables that do share more sensitive information, particularly within the workplace? When discussing BYOD policies, password protecting the devices is usually the top concern along with using better authentication methods and avoiding public Wi-Fi. However, many wearables have weak, if any, authentication or password protections.
Perhaps Tony Bradley, an analyst with Bradley Strategy Group in Houston, summed up the concerns of BYOW best in a Fox News article:
We should be vigilant about potential threats and use common sense about which companies or services are trusted to access or store sensitive personal information, and think twice about installing apps or allowing third-party companies to access information on wearable devices.