Can Wearable Technology Pose a Threat to Your Business’s Cybersecurity and Intellectual Property?
As technology continues to evolve, an organization can no longer assume its information is safe behind a firewall. Why? Because employees are now wearing connected accessories and clothing known as “wearables.” These devices, from bracelets that count your steps to continuous medical monitoring systems, are everywhere.
There are several general categories of wearables:
• Smart watches and fitness trackers—for example, Apple and Android watches, Fitbits, Nike Fuelbands
• Smart glasses—for example, Google Glass
• Smart clothing—for example, OMSignal Bra
• Medical devices—for example, glucose monitoring systems
Each of these devices contains features that can be exploited. They have sensors that capture data from the user’s body or surroundings, or microprocessors that extract and process information. They all sync and transmit data wirelessly from your body to an app.
Security Horror Story 1: Signal Interception
Let’s consider a signal interception example. Smart glasses may use Bluetooth technology to connect to a user’s smartphone—that Bluetooth connection could be intercepted, pulling the feed from the smart glasses. For example, let’s say an employee was using her smart glasses to review customer data. That sensitive information could be intercepted over the Bluetooth connection.
On this point of Bluetooth interception, you may have heard of “keylogger” (short for “keystroke logger”) software that has been installed onto public computers. A keylogger tracks the user’s every keystroke, so if that person tries to pull up a bank account on a hotel business center computer, that information could be discovered. Now, keyloggers have evolved into Bluetooth keyloggers that pull Bluetooth signals from smart keyboards. Think of the Bluetooth carrying case you purchased for your iPad. What happens when you’re sitting in a coffee shop, using that Bluetooth keyboard? Your keystrokes may be monitored by a wireless keylogger. Be smart about public settings even if you are on your own device.
Security Horror Story 2: Intellectual Property Espionage
Not every security threat is from a hacker looking for bank account information or Social Security numbers. If your company prides itself on trade secrets or patented technology, the biggest threat may be related to intellectual property theft. This threat is not necessarily from your rival in the industry, but rather from a nation state looking to increase its knowledge in the field in which you operate.
Your company does not have to be engaged in critical infrastructure to be a target. China has been said to be engaged in economic espionage for years, building entire industries by stealing formulas and technology. Universities and research teams are prime targets.
This theft can happen through something as simple as an inbound phishing email. But here’s an example related to wearables—let’s say an employee has a badge with smart technology. The company’s badge reader uses a transmitter to engage with the badge’s smart chip. An employee swipes their badge, not realizing someone with a wireless signal interceptor is nearby. The employee enters and then later, the corporate spy enters the building as well and is freely able to move through your company lab.
Security Horror Story 3: That “Anonymous Data” Your Employee is Transmitting
Last year it came to light that American military base locations and perimeters were discoverable online. Not because of a data leak—but because military personnel were going on runs using Fitbits. Those Fitbits were connected to the running application called Strava, which was unintentionally publishing a heat map of running routes around military bases worldwide. Thus, even when the information transmitted from a device is “anonymous,” it can still have an impact on security. What if your plant has a back door that is not well-secured but employees often use it to enter and exit your building? This information could be tracked on a fitness application.
A Well-Designed Technology Use Policy Can Help PREVENT These Headaches
When was the last time you read your company’s technology use policy?
As technology rapidly expands into all areas of an employee’s life—and into their wardrobe—it is time to dust it off. With constant changes in technology, you should plan to review your technology use policy every year.
If your company is a government subcontractor or is downstream from critical infrastructure, you may be aware of the cybersecurity regulations your business is required to follow. But are you thinking about those regulations with regard to wearables? Your technology use policy should cover those devices, too.
Design a technology use policy that requires certain security features of all devices, including wearables, and that states whether they are allowed into your facility. Should Siri or Alexa be enabled or disabled? Devices that use virtual assistants are often “listening” for their trigger “on.” If you are engaged in sensitive discussions, consider whether those virtual assistants should be turned off.
This is not intended as conspiracy theory. In cybersecurity, the best defense is a good offense. Don’t think in terms of preventing every possible event, but be smart about the technology you use and how you use it.