Wearables at work: Are smartwatches secure enough for the office?


Following Mobile World Congress and with Apple Watch set to launch in April, wearable technology has once again taken centre stage.

From a security perspective, we have not seen any deliberate attacks aimed at smartwatch devices thus far, probably because the adoption of these devices has not yet reached the critical mass necessary to pique the interest of cybercriminals. However, this does not mean that they won’t try in the near future.

The wearable dilemma: what are the security concerns?

There are many potential risks that wearable technology could pose within an enterprise environment. Firstly, hackers could use poorly configured smart gadgets as backdoors into a corporate network. This is down to the fact that they are currently lacking the proper security mechanisms. Rather worryingly, the expected fast-paced and widespread adoption of these devices is likely to leave little time for implementing security standards on a global scale.

Secondly, most wearables can be charged via USB. Imagine what would happen if a user were to have his home laptop infected and somehow got his wearable to piggyback a Trojan onto his work laptop. USB vulnerabilities have been exploited by attackers for a long time, and it stands to reason that wearables or anything Internet of Things (IoT) related will be used to spread malware in the future.

There is little IT administrators can do to prevent these types of attacks, other than disabling access to USB-enabled peripherals. Another solution would be to ban wearable technology in the workplace, but we don’t believe that is really an option. In light of this, IT departments must set up new standards and protocols to manage the plethora of wearables and smart devices ready to connect to enterprise Wi-Fi networks.

Wearables at work: what are the challenges?

For businesses and IT departments looking to implement wearable devices, security and privacy challenges will of course be encountered. The connected world of IoT devices is already beginning to drive changes in the industry and new regulations and security frameworks will have to account for current IT limitations on network architectures.

An obstacle businesses are already facing is the inability to store, access and interpret the data in time due to its volume and speed. In order to counteract this issue, firms should consider a redesign in the architecture of data infrastructures as well as a more comprehensive strategy for storage.

Wearable devices should be regarded as mobile devices, but with ultimate portability and the potential to affect businesses in a way no other gadgets ever have. For example, imagine employees walking around the office with Google Glasses on and attending meetings or reading important documents. This type of technology would access some of the most well-kept company secrets, and with serious consequences if an attacker were to gain access to it.

Google Glass has probably taught us a thing or two about wearables and privacy, too. Some countries already have laws and regulations regarding surveillance and data protection meant to protect individual rights; for example, the UK has both the Data Protection Act and CCTV Code of Practice to refer to when considering Google Glass.

We strongly advise that companies enforce some guidelines or regulations regarding the use of wearable technologies, to include banning wearables capable of audio or video recording during conference calls. Unquestionably, as the wearable revolution grows in popularity, IT departments will have their hands full trying to keep up with the latest gadgets and advancements.

Wearable Technology: A Quick Guide

Alexandru Catalin Cosoi is chief security strategist at Bitdefender