Wearable technology, such as the Apple Watch, Fitbit or Google Glass, has gone mainstream. Businesses that have addressed security issues involving employees’ smart phones and tablets in the workplace must now take a close look at the possible security and privacy issues created by wearable technology in the workplace.
The issues wearables bring to the table are just as relevant to small business owners as they are to CEOs of major companies. This article looks at the potential risks and ways to tackle this complex issue. (The company-sanctioned use of wearables on the factory floor to improve safety and on the sports field to monitor training is worth a separate discussion.)
Wearables comprise four main categories: smart glasses and headgear, smart watches, wearable medical devices and fitness trackers. All of these have one or more features that:
- sense and translate data;
- collect and prepare data for transmission; and/or
- transmit data to off-site storage for processing and reporting.
In simpler terms, some workers arrive at work with technology that wouldn’t be out of place in a spy movie. Many of the devices available to consumers are able to go way beyond their primary function – e.g., the more expensive fitness trackers also monitor vital signs and offer email and Internet connectivity. The same is true for smart watches that also allow users to pay for goods and services.
You get the picture. It’s not hard to see how the Internet of Things – the connectivity that links an employee’s watch to a personal mobile device that in turn has access to a company’s network where sensitive financial and customer information is stored – suddenly becomes a cyber-security nightmare. All this seemingly innocuous personal technology could be misused by an employee, or by a cyber thief who hacks into an unwitting employee’s wearable. Wearables also can infect other data sources if they harbor malware.
Businesses both small and large need security policies for wearable technology, and the issue should be added to employee training. Employees must understand that cyber-crooks armed with signal interceptors can hijack wearables without the owner’s knowledge, and that workplace restrictions on wearables do not mean that individual employees are under suspicion. You will want to devise your own regulations, but consider the following cyber-security recommendations with regard to both wearables and traditional technology.
- Employees wearing smart watches should use the maximum security level available when they sync the watch with their smart phone.
- Encryption must be used every time confidential data (including passwords) are transmitted from wearables to other data sources.
- Businesses should install (and update frequently) the most up-to-date malware detection programs capable of finding threats, regardless of where the problem originates.
- Businesses must protect themselves against industrial espionage by limiting, or prohibiting, smart phone usage and wearables in meetings where sensitive/confidential information is shared, and in research labs where product prototypes may be on display.
As technology continues to evolve, so do the risks and issues involved in its use. Awareness and the inclusion of employees in efforts to limit risk are vital tools in maintaining cyber-security.