Brave New World: Wearable Devices Pose Security Challenge for Businesses

With the release of the Apple Watch, a number of companies are likely to grapple with an increasingly common problem: how to secure sensitive company data and information in the age of wearables.

The Apple Watch may be the most high-profile wearable to hit the market, but wearables – electronic devices that are connected to the Internet – are an increasingly common tool for consumers. This trend is only expected to increase, with some analysts dubbing 2015 the “year of the wearable.”
 
As the devices become more common, consumers are also increasingly likely to bring them to work. Devices such as the Apple Watch, and others like Fitbit, are designed for use just about around the clock. But the presence of these mini-computers could pose a security threat to businesses. Why? Many of the devices may end up connected to workplace wireless networks or email servers and the security of wearables varies significantly. Although some may have strong built-in security, others may be more vulnerable to hackers, which could leave business networks, and all of their sensitive data, vulnerable to attack.
 
In its report on the “Internet of Things,” the Federal Trade Commission urged companies to keep data security in mind as they design new products. Wearables and other connected devices, the FTC urged, should have strong security measures built in from the outset, rather than as an afterthought in the design process.
 
But as the FTC has noted, the security challenges are particularly difficult for wearable devices. For starters, many of the companies making wearables do not have experience in dealing with security issues. This is because the wearable market is not dominated by big tech companies in the way the computer market once was. Today, wearables are being designed by companies in dozens of industries, from fashion and apparel to homegoods. In addition, wearables are increasingly inexpensive, making it economically impractical for companies to provide security patches or notify consumers if they discover security vulnerabilities post-sale.
 
Transparency is also a challenge with wearables. Many wearables either have tiny screens or lack a screen altogether, making it more difficult for consumers to review terms of service or a privacy policy before they use the device. In some instances, devices may be collecting sensitive data on their users and selling that data to third parties, without consumers’ knowledge or consent. This lack of transparency can make it even more difficult for companies to keep tabs on their own networks and security practices. 
 
The FTC has signaled its willingness to bring enforcement actions against companies that misrepresent the security and data collection practices of their connected devices or that engage in egregious security practices. In time, more companies may also heed the FTC’s urging to implement security measures from the outset. But as wearables begin to flood the market, companies will likely be on their own to develop internal controls to prevent wearables from posing a security risk. Having a data breach incident response plan and a clear privacy policy in place should help reduce the impact of any security breach.

Contacts

Continue Reading