Twenty years ago, the idea of a piece of technology that could track each step you take throughout the day seemed futuristic—maybe even impossible. The future and the impossible have arrived, and they’re in your office, tracking steps, monitoring heart rates, and even reminding staff to get some exercise. With smartwatches, smartphones, and tablets all connected to their networks, wearable security is a top concern for IT managers.
“The problem,” says Matt Olan, IT professional at Pharmacare Specialty Pharmacy, “is that many of these devices have little to no security, and in many cases, they’re even more vulnerable to attacks and misuse than your typical PC. We allow certain Internet of Things (IoT) devices on our network, but security is always taken into account when planning an IoT deployment.”
Most companies are aware of the wearable security risks, but the majority aren’t actively preparing for the impact of IoT in the workplace. According to the Spiceworks 2016 Internet of Things (IoT) survey, 38 percent of respondents said they lack the time and resources to prepare for the impact of IoT. What needs to change in the IT department to prepare for and improve wearable security?
Get serious about mobile security
According to the Spiceworks report, among organizations preparing for IoT in the workplace, 68 percent are planning to educate their users about the security risks. Host training sessions to keep your employees up to date about their responsibilities, and keep them updated about any changes to your security polices. This is the framework for basic requirements like passwords, inactive timeouts, remote tracking, and data wiping.
You might also want to consider adding to your infrastructure. With a virtual mobile infrastructure (VMI), you can keep up with the rapid changes in how employees use mobile devices, identify potential gaps, and show what upgrades will need to be implemented to account for wearable devices. VMI can be a win-win, because enterprise documents and tools aren’t stored on employee devices.
You also need to be transparent with your staff about the limits of your security policies. For example, according to CIO, most of the data collected on fitness tracking devices isn’t covered under the protections dictated by the HIPAA statute that guards health information. The HIPAA Privacy Rule protects a range of health information, such as names and medical history, but medical data collected from devices falls into the category of “de-identified” information and isn’t protected. If your company network is compromised, any data from those wearable devices could fall into the hands of hackers.
Manage expectations for IT
The worldwide wearables market grew 126.9 percent in the fourth quarter of 2015, according to IDC. As the popularity and range of wearables continues to grow, IT teams need to ensure that staff can make the most of these advancements without sacrificing wearable security. Identifying the purpose and extent of wearables in the workplace helps ensure that both IT and other employees are prepared for the conditions.
Wearables track the locations of their users, and the apps installed on them create another layer of vulnerabilities with usernames and passwords. IT can respond to these potential ramifications by implementing a mobile device management system. Another way to enhance security with wearables is to implement a comprehensive Bring Your Own Device (BYOD) policy that includes requirements for employees to properly register their devices, as well as rules about what can or can’t be accessed from the device.
Additional security features that can be controlled by employees include passcodes or lock codes on all mobile devices. This eliminates the risk that data could be accessed if the device falls into the wrong hands. It’s the IT team’s responsibility to ensure that employees are trained and informed on proper security precautions and practices.