In a move that seems less like science fiction every day, the U.S. National Security Agency is looking at ways to leverage wearables and other Internet of Things (IoT) consumer devices to monitor potential targets and serve as a key resource for gathering foreign intelligence.
NSA Deputy Director Richard Ledgett revealed at a recent conference that the NSA is exploring the idea of conducting surveillance through biomedical devices like pacemakers as another “tool in the toolbox” of spy tactics. Earlier this year, U.S. Director of National Intelligence James Clapper testified that while smart devices deliver efficiency and convenience benefits, they also introduce security gaps that intelligence agencies might choose to exploit for surveillance, monitoring, and location tracking.
What may become an opportunity for government spy games looms as a big security headache for IT as wearables become entrenched in the enterprise. Fueled by sales of Fitbits and the Apple Watch, 111 million wearable devices will ship this year, according to IDC, with nearly 215 million units hitting the market by 2019. In addition to employees bringing their own wearables into the workplace, many enterprises are experimenting with equipping staff with a variety of devices to increase productivity, enhance communication, or improve workflow. Wearables can be leveraged as training devices, serve as hands-free guides to manufacturing procedures, and speed access to information in real time, among many emerging use cases.
Yet while organizations are hungry to exploit the potential of wearables in the workplace, there are growing concerns about security and data privacy. Whether it’s a government agency snooping or cyber criminals looking for a new way to gain entrance to corporate data, wearables further increase the scope of potential vulnerabilities.
Designed to be small and relatively inexpensive, wearables often lack secure authentication, PIN protection, and remote wipe capabilities typically found in smartphones or other mobile devices. Moreover, VPN and other standard corporate secure networking protocols are typically not supported with wearables, making them more vulnerable to infiltration when connected to unsecured Wi-Fi networks or synced up to smartphones via Bluetooth.
Concerned yet? You should be. Here are some ways to factor wearables into your enterprise security plan:
Understand the specific threats. To establish adequate safeguards, you have to know exactly where you are vulnerable. Understanding what kind of data the wearable may have access to as well as what it’s capturing during usage can help establish access controls that will reduce leaks and prevent privacy violations, particularly for companies in highly regulated industries like healthcare.
Enforce standard security policies. Short of coming up with a special Wear Your Own Device (WYOD) plan, companies should amend existing policies to enforce common security protections like the requirement for unique passwords. Some companies are also using authentication on the wearable device itself, such as biometrics and geofencing, so that the device can serve as an authentication token for accessing other business systems.
Set limits. Certain features – the Bluetooth setting for sharing data between a wearable and a smartphone, for example – should be disabled in the workplace to ensure data is properly secured. It’s also reasonable to set limits on where and how wearables can be used within the corporate environment as part of acceptable use policies.
Extend enterprise mobility management (EMM) strategies. Not all EMM platforms encompass security and management capabilities for wearables yet, but they’re coming. Make sure your platform extends common tools like containerization to wearable devices.
Wearables in the workplace are a here-and-now challenge for security professionals. Having the right safeguards and policies in place will keep your company out of the crosshairs and prevent any risk of exposure.

Posted by Beth Stackpole on 30 Jun