We have made updates to our Privacy Policy to reflect the implementation of the General Data Protection Regulation.

Enterprise Wearables: Mitigate Security Risks

Download our in-depth report: The Ultimate Guide to IT Security Vendors

By Nazar Tymoshyk and Stanislav Breslavskyi

Today technology is interwoven into our daily lives as never before, but how secure is the data that we feed into our devices? With the progress of wearables knowing no limit, we often forget that with great power comes great responsibility: protection of personal information, no matter if you are a vendor or a user.

Keeping track of heart rate, burnt calories and even steps taken, wearables' game-changing influence is felt not only in the health care industry, but also within the world of security. Personal information will become bread-and-butter not only for users and health care professionals, but also for attackers.

In addition, enterprises are discovering business use cases for wearable technology, which means security teams must implement plans to protect corporate data on wearables and educate users about risks and best practices.

When talking about wearables security, the following aspects should be on the radar:

  • Wearable devices themselves
  • Any mobile devices that connect with wearables
  • The cloud
  • Users as the "almighty rulers" of the above items

Here's what you should keep an eye on to mitigate the most common threats wearables pose to personal information.

Securing Wearables

The main problem of wearables is the existence of hundreds of models with different custom operating systems and programs. If the amount of operating systems is not minimized, it will be tough to make security progress since every wearable device requires a separate approach. Variety is a spice of life, but too much spice is not healthy!

What's more, wearable devices should ensure secure mechanisms of communication with a smartphone. As showcased by Symantec and its recent experiment, information from wearable device systems is often broadcasted unencrypted.

In most cases, Bluetooth protocol is used for communication with a smartphone. Even though the latest version Bluetooth 4.0 is secure, most vendors still utilize an older version that can contain many outdated defects. Another easy-to-follow piece of advice is to switch off Bluetooth when it's not in use: This way you kill two birds with one stone, saving your battery's energy and avoiding potential danger.

Securing Mobile Devices

Typically, wearables are connected to mobile devices; that's why the security of a phone is no less important than that of a smart gadget. However, tips to protect your mobile device from unwanted intrusion are as easy as one-two-three. Since it's no use crying over spilled information, make sure you follow these uncomplicated pieces of advice:

  • Don't connect to public Wi-Fi spots without a password
  • Regularly update the software and OS
  • Make sure your screen is locked and your password is not "1111" or a similarly easy-to-guess combination
  • Give up the bad habit of having a one-fits-all password, no matter if it's your connected email account or system login: Adding a symbol or capitalizing a letter does make a difference
  • Never leave your phone unattended

Securing the Cloud

Sometimes what drums up attackers' interest is not the wearable device itself, but the cloud, which contains a pool of a user's personal information. Cloud hacking can lead to the revealing of their most private data; the most loud–speaking example is a buzzing nude pictures scandal. To avoid having your private data stolen, get the hang of implementing the following four cloud security controls:

  • Deterrent controls
  • Preventive controls
  • Detective controls
  • Corrective controls

Corrective implementation of these mechanisms maximally protects systems owners from massive information leaks. Find more about cloud security guidance here.

Raising Security Awareness

Wearables are not all about technological aspects, but the human factor as well: More than we think depends on the users themselves. Hunting self-tracking with fervid enthusiasm, customers forget about personal information security and their own safety, which lets hackers act under users' noses. The main preventive measure for wearables' users is awareness, but even the trust-but-verify rule is not fully applicable here.

Never trust a service provider or a device with 100 percent of your personal information, because the cost of losing or revealing it may be too high. Customer security awareness mechanisms should let users understand that even a seemingly harmless check-in or sharing data on a timeline may cause more troubles than we think.

In Conclusion

Wearable technology is a relatively new trend on the market that pushes the IT industry forward and launches new business development directions, but also raises new security issues. These problems are not skin-deep, since attackers' imagination in choice of attack vectors is limitless. Proper security requires a holistic and cautious approach.

Nazar Tymoshyk and Stanislav Breslavskyi are security engineers at SoftServe Inc, and regular contributors to the SoftServe United blog. Nazar is an IT security and network infrastructure expert who specializes in many security disciplines including computer forensics, malware analysis, intrusion detection and mobile application security assessments. Nazar holds a Ph.D. in information security from the State University, Lviv Polytechnics. Stanislav focuses on network solutions development and specifically focuses on security–related challenges for SoftServe, Inc. He holds a bachelor's degree in information security from the State University, Lviv Polytechnics.

Submit a Comment

Loading Comments...