The IT Security Risk on Your Wrist

Mobile computing devices used to be the challenge for many enterprises. IT departments found themselves tugged in several different directions at once. Employees insisted on using their tablets and smartphones to access company applications, while security officers threw up their hands in horror at the idea of unknown and uncontrollable devices having a way in to corporate data. Judging from statistics from a survey earlier in 2015 by BYOD security solutions provider SOTI Inc., security officers are right in their misgivings. Mobile device usage puts enterprises at risk, whether through sloppy networking or data storage practices or other. Yet what if the bigger security risk was now no longer in your pocket, but strapped to your wrist?

When a company like Apple is in the wearable computing market, it is a strong sign of potential uptake of this new digital species. “But it’s a fad”, you say, “a fashion item that doesn’t belong in business anyway”. It may be time to revise that point of view. Wearables are increasingly linkables too. They connect wirelessly with smartphones, for instance. Wearables can gather data and take pictures or record video clips. They can become extra eyes and ears, often undetected or unsuspected in business environments. People may not think that it is possible for them to be watched by an Apple Watch, but the connection to an iPhone makes it possible for the watch to transmit images too.

Unfortunately, wearables still lack security features. They increase the potential “attack surface”, but do not benefit from security management software of the type now available for smartphones and tablets. Remote deletion of data (in case of loss or theft of the wearable) is not provided, yet wearables can siphon off data from smartphones that in turn connect to corporate databases. Somewhere out there, a hacker is dreaming up a way to get into your digital fitness band, your Google Glass, or whatever other wearable you have adopted, and from there to get into the information systems behind it. How can you assess security threat to your own organisation? A quick look at employees wrists (be discrete!) will give you a first indication.