Five Potential Security Concerns Related to Wearables
The use of wearable technology is on the rise, spurred by the recent launch of the Apple Watch. Forward-thinking enterprises are looking to wearables as another opportunity for mobile technology to drive greater efficiency, enhance communication and improve workflow. The launch of enterprise-focused wearable apps, such as Salesforce and Zoho, is pushing the adoption of WYOD (wear your own device) within enterprise organizations. In fact, research shows that more than 200 million wearables will be in use by 2018.
As these devices grow in popularity, so do concerns over security. In fact, according to a 2014 report by Pricewaterhouse Coopers, 86 percent of respondents expressed concern for wearables increasing the risk of data security breaches. With enterprise-sensitive information now being transferred from wrist to wrist, businesses should prepare early and create security policies and procedures regarding the use of wearables within the enterprise.
In this slideshow, Accellion describes five potential security threats that enterprises need to consider and address related to WYOD.
WYOD Security Issues
Click through for five potential security threats that enterprises need to consider and address related to wearable devices, as identified by Accellion.
You Don’t Have to be a Hacker
Not a day goes by without news of security breaches at the hands of hackers. The truth is that without built-in PIN protection or security fingerprinting, just about anyone can access the contents stored on a wearable. If a device is lost or misplaced, anyone potentially has access to the information, since wearables have the ability to store data locally without encryption, PIN protection or user-authentication features.
Solution: Device manufacturers must take measures to strengthen user data protection. Privacy can be exponentially improved by enforcing security protections such as the requirement for unique and complex passwords, as well as the encryption of communications and data storage.
Spy Gear for the Twenty-First Century
Secret agent technology popularized in television from the 1960s is becoming more of a reality as devices continue to permeate popular culture and modern business. Wearable devices allow users to easily and discreetly capture video and audio. As everyday items such as watches and eyeglasses are turned into wearable smart devices, it becomes difficult to curtail surveillance and protect information derived from the images collected. Wearables tend to be small and more discreet, which makes it easier than ever to steal data-sensitive information.
Solution: Video and audio captured by wearable devices should be controlled by policy, and regular checks and controls should be put in place to ensure enforcement of those policies. For example, companies can create an acceptable-use policy highlighting when and where wearable video / audio recording capabilities are allowed. This policy can be enforced by requiring both the employer and users to sign a written agreement, acknowledging that they have read and understand the policy. Enterprises can also require use of software applications to ensure that any captured video and images are stored in an encrypted secure container under IT control.
An Open Window of Opportunity for the Persistent
Bluetooth and Wi-Fi communication between wearable devices and paired smartphones is another area of vulnerability for enterprise data. Recently, security firm BitDefender demonstrated that the Bluetooth communication between Android devices and smartphones could be deciphered using brute-force attacks. Rather than focusing in on software vulnerabilities, hackers opt for persistent trial and error, trying username and password combinations until they crack the code and are able to access contents stored on devices.
Solution: Businesses should consider restricting wearable device capabilities that pose the most risk, including disabling certain features and restricting where in the organization wearable technology will be allowed or prohibited.
Black Market Data
A major concern for individuals is the sale of sensitive information tracked by wearable devices. Such data is highly sought after by third-party advertisers and marketers. Additionally, data transfers between parties have the potential to be intercepted by hackers.
Solution: IT departments need to keep security top of mind. IT app developers have the option to build their apps from the ground up with a strong focus on security using robust data encryption to prevent hackers from accessing data.
Where Are My Keys?!
Would you share your house keys with your neighborhood? Probably not. The same mindset should apply to your data. When storing information in a public cloud, enterprise data is placed at risk since encryption keys are also in the hands of the cloud service providers and architects.
Solution: Whether information is being stored via smartphones or wearables, organizations should be aware of the risks associated when using the public cloud. Enterprises should consider facilitating a private cloud on-premise storage solution that guarantees ownership of encryption keys for maximum protection and control over stored data.