22 May Wearables and the Threat to Corporate Security
Have you noticed an increase in wearables in the workplace? Have you considered whether your current BYOD policy is suitable for the rise in wearables?
While users are taking on these devices for fitness and to extend the capability of their phones, they are adding risk to companies by bringing them into the office.
Existing BYOD policies may not completely cover wearable devices.
What Risks Do Wearables Pose to Businesses?
Wearable devices are often paired to a device that may have corporate emails and data on it. If the wearable device is compromised, then corporate data can be stolen.
"As people get increasingly interested in wearables...these devices end up indirectly connected to corporate networks via BYOD devices." Bogdan Botezatu, senior e-threat analyst at antivirus company Bitdefender.
In addition to this, if malicious software is installed on a wearable device it may be used as a backdoor into a corporate network. Information could then be extracted from the network either through the device or back into the cloud.
Research by Bitdefender shows that information between Bluetooth devices can be intercepted and read. This is done through brute-force attacks that identify the six-digit code that pairs two devices together. Bitdefender has shown that data communicated between wearables and phones is a potential weakness.
Geoff Vaughan, a security consultant from Security Compass, says keeping Bluetooth constantly turned on is a security risk.
"You have to have Bluetooth on all the time. So what are the implications of that? It extends your exposure to potential attackers." Geoff Vaughan, Security Compass.
The Four Key Areas of Wearable Security
Introducing an IT policy for wearable devices is an important step towards keeping corporate data safe. IT policies need to explicitly address the following four key areas:
Identify the known vulnerabilities of the device and ensure the manufacturer provides support. Give preference to manufacturers that provide regular device updates and security improvements.
Address what data the device has access to. This may be emails, documents and login credentials stored on the phone that the wearable device has access to.
Inspect how secure the cloud platforms used are and whether they are vulnerable to attacks.
Outline what level of access users have. If devices are compromised, this will show how much information can be accessed.
"You are more vulnerable if the attacker knows about you. The more data in the cloud linked with a personal profile, the more likely it is people can get the data and use it against you to craft an attack." Raimund Genes, chief technology officer of Trend Micro.
How Corporate IT Can Protect Their Data
To ensure a company is ready for wearables it is imperative to look at how employees will be using their wearables. Examine the threats and follow standard security procedures when dealing with breaches.
In environments that could pose a security risk, it is advisable to turn off Bluetooth on the handset. This will limit the exposure to brute-force attacks.
If a company is in the position to choose the wearable device then a choice based on security is desirable. Some wearables store information on the device whilst others store information on the paired handset.
"For now, Apple's watch appears to be the most secure of the emerging smartwatch landscape. All of the data at rest will be on the mobile device, which is in contrast with other watches where almost everything is on the watch. Those certainly have a larger threat landscape." Geoff Vaughan, Security Compass.