Is wearable technology in the workplace a security risk?

17 September 2015

2 min read

Smartwatches and other wearable gadgets have caught on with consumers enough to merit close consideration by IT security professionals.

Is wearable technology in the workplace a security risk? (Desktop)

While it remains to be seen if lofty predictions of 200 million wearables in use by the year 2018 are met, enough of the devices are already being worn in the workplace to warrant consideration of Wear Your Own Device (WYOD) policies.

Wearables such as smart-watches, smart glasses and activity trackers offer communications and data gathering benefits that can be put to good use in the office. Employees using wearables such as motion monitors (as found in the Apple Watch) were found to have improved productivity and job satisfaction. Fitness trackers, whether standalone or integrated into smartwatches, are motivational devices for exercise and wellness, and can be integrated into company-sponsored wellness programs.

From an employer's point of view, smart gadgets can enhance job roles through custom apps for specialised communications and contextual information delivery. For example, Skylight is a Google Glass enterprise app that allows sharing of individual camera views, user authentication and the flexibility to integrate with other company data systems. For healthcare providers, Beam is a secure platform to share text, video and location; useful to remotely diagnose patients if doctors aren't available then and there.

Most wearables also feature embedded location and motion sensors capable of gathering worker activity data, providing employers with a clear picture of where time is being spent - (ideally) not to punish the idling, but to improve organisational workflow; for example, in factories and warehouses.

Though consumer adoption of wearable technology is still low, security is becoming an active concern when it comes to using these devices in the workplace. According to a PricewaterhouseCoopers survey, 86 percent of respondents worry that wearables could make them more susceptible to data breaches; for example, where hackers may hijack device-based cameras to steal sensitive enterprise information. Many of today's wearables also lack the secure authentication and/or remote wipe capabilities of smartphones that offer some defence when a device is lost or stolen. Similarly, VPN and other secure networking protocols are uncommon on consumer wearables, leaving them vulnerable when connected to unsecured WiFi networks or tethered to smartphones via Bluetooth.

Security expert Sean Ginevan of Mobleiron likened today's furor around wearables to the early days of smartphones, when devices were geared towards consumers and not workplaces. "Wearable operating systems are in their infancy from an enterprise perspective," he said. Ginevan added that while wearables are already capable of displaying business content, employers need to take additional measures to keep that information secure. "Enterprises should look to enable their own controls to wipe corporate data and encrypt data at rest," he said.

Just as IT departments adopted Bring Your Own Device (BYOD) policies a decade ago, so too should they carefully consider WYOD guidelines today. Getting ahead of the game and adopting basic guidelines for using wearable devices in the workplace can lay the groundwork for more comprehensive and nuanced policies down the road, if and when consumer adoption of smart, wearable technology becomes widespread.

HP Elite X2