Wear Your Own Device – Watch Out?

Wear Your Own Device – Watch Out?

At the weekend I was going to watch the filming of a TV Show, the film crew made a big point of asking people to leave their phones in a box before going in. No doubt to prevent photos, awkward ringtones and other impact on filming. Perhaps they should have also asked for watches to be left in the box…. read on….

Today there are a swathe of new wearable devices that feed information back and forth from smartphones or directly to the internet.

As with mobile phones, tablets and laptops it is important to understand the benefits and risks for businesses who’s users are likely to be adopting these devices over the next few years.

Wear your own device

For the purposes of this article I am focussing on ‘Smartwatches’ however there is an emergence in new smaller form factor devices including a full PC on an HMDI stick, see here. The price point for SmartWatches range from £40 – £450 so they are definitely lined up for mainstream adoption from customers.

Smartwatches have evolved from the days of the Casio calculator and TV Remote watches that I remember drooling over in Argos in the mid nineties. Miniaturisation has meant that these devices are essentially fully functioning small computers with email, apps, camera’s and plenty of storage. Whilst this is incredible for a gadget lover like me,  this is also the crux of the issue for businesses.

We have run Mobile Device Management Fast Start workshops for several large organisations and we know that companies are only just getting to grips with securing and managing their data (and access to it) from mobile phones and tablets.

So with the introduction of yet more form factors, and operating systems in the case of Android Wear and Apple Watch how should businesses view the risk?

Well, luckily most wearable watch devices fall into two camps –

  • Passive ‘viewers’ of smartphone information (Low Risk)
  • Standalone devices (Higher Risk)

 

Passive Devices

Here the risk is relatively low, the watch type devices are only surfacing information from a Bluetooth attached phone or tablet. The device is relatively ‘passive’ in that it does not store large quantities of usable data that could be a target. Although it is unclear how the personal ‘fitness’ and ‘location’ data would need to be stored securely. This could be an issue for corporate VIPs or other targets in the future.

I have noticed in the online videos of these types of devices that the ‘wearer’ is rarely (if ever) prompted for a password to access information on a locked phone that it is paired to. This could in theory be a back door to bypass the phone’s PIN code.

Some examples are – Microsoft Band, Motorola moto 360, Sony SmartWatch 3

Standalone devices

The newer range of independent devices such as the Samsung Gear S represent almost a full smartphone on the wrist, with a sim card, capable of storing local email, app and file data that could all contain sensitive business information.

gear-s-black

Organisations will need a clear direction on the policies (paper and electronic) to guide users and prevent unwanted storage of company data. Currently this can be done with iOS, Android, Windows Mobile and Blackberry but we have yet to fully provide device level management and control via the usual device management products and services. It will no doubt be a hot topic and once an unsuspecting celebrity has their watch hacked, we will all know about it !

Some examples are – Samsung Galaxy S, Qone SmartWatch

The risks

  • Corporate Data Leakage
  • Unsecured Access (back door to data)
  • Unmanaged devices

There was a rumour that free USB sticks were thrown into the car park of the security services, when the users plugged them in a malware infection attempted to spread itself across the network giving the perpetrators access to info.

This may be a runour, but the theory is sound. Imagine if someone was handing out free smartwatches outside your office. Would your staff take one? Probably. Would they then synchronise them to their phone to make them work? Probably. Is that phone a company device? Does their software now forward corporate emails to their account?

This may sound a bit grandiose, but whether they are free, purchased on the internet or from Carphone Warehouse, we all need to be vigilant in how/when these should be used.

As well as malicious software hacking, Bluejacking and plain old physical theft also represent significant threats in addition to staff all carrying discrete cameras and sound recording devices on their wrists.

In Summary

We are yet to see the full benefits and or threats related to these devices used in businesses. However with the launch of the Apple Watch and the price points coming down the next 6-12 months will indicate the uptake of these devices and therefore the impact level for businesses. It does of course only take one compromised device to cause a major issue. Watch this space 🙂

Need help with Mobile Device and Watch Management?

Contact us at hello@cloudbusiness.com for a free 20 minute workshop call. We can also run full Mobile Device Management and security packages to help you implement solutions and policies.

To be the first to see our blog posts, sign up to our newsletter below;