Most businesses are still grappling with BYOD relative to smartphones and tablets. Now, an entirely new set of challenges emerges with wearable tech like smart watches and other Internet of Things (IoT) devices, such as location beacons, connected eyewear, and more. Should your BYOD policy be expanded to include wearables? Are there security risks associated with these devices? Yes and yes. Here’s what you need to know.
Smart watches are just the beginning. Connected glasses, apparel, footwear, cars, and other IoT devices will soon be flooding the marketplace and being used to access your network.
Most smartphone and tablet manufacturers have at least begun to build security features into the devices from the ground up. In fact, these devices typically come with default settings that are more than adequate in terms of security. Wearables and other IoT devices, not so much. Most of these devices are developed to be lean and light, both in terms of physical size and software and features. That’s what makes them so portable. When considering the cyber security risks of any wearables that will be used to access your systems or network, realize that these devices probably lack the security you’re used to seeing from smartphones and tablets. Security experts predict that at least one significant data breach will be achieved via the IoT this year. Make sure it isn’t your data.
Apps for wearables are typically designed for one function, or a specified set of functions, such as health monitoring or connecting with smartphones or to a smart home or car. These apps, like the devices themselves, are designed to be lightweight, small-footprint, and simple to use. In fact, simplicity is the number one design consideration when developing wearables, because users simply won’t access devices that are overly complex or too time consuming. That means that these apps generally lack basic security features that are built into most mainstream applications, especially those designed for business use. It’s usually safe to assume that any given app from a third-party developer has zero or next to zero in terms of security features. For those concerned about business network security, either design your own applications to be used with the wearables on your network, or specify which apps are and are not acceptable in your BYOD policy.
As with laptops, smartphones, and tablet computers, often the ignorant or inattentive user is more dangerous than an app or device with a known vulnerability.
As with smartphones, tablets, and even your desktop systems, the primary security risk is the users. Few of the users are motivated by greed or ill intent; most of the user threats come from ignorance, a lack of paying attention, or a combination of the two. User security issues range from downloading nefarious apps or apps that lack security to leaving devices in dangerous places, such as at a cafe or in a bus terminal. Users may lack the knowledge to detect malware or spyware on their devices, and might inadvertently allow their passwords or login credentials to wind up in the wrong hands, leaving your network wide open to intrusion.
Education can go a long way toward closing the gaps in user security. Back the education up with rigorous BYOD policies that specify what apps are allowed on devices that access the network and which wearables are allowed to access the network or business systems.
For now, the number of apps available for wearables is quite limited. As those apps grow in number and complexity, it will likely be necessary to revisit your BYOD policies. You can start getting your business network security prepared for wearables and the IoT by requesting a quote from Turn-key Technologies today.
March 7, 2016
Please, rotate your device