By Emily Newton, Editor-in-Chief at Revolutionized Magazine
Wearable technology has become a familiar part of everyday life. These items have thrived in consumer segments and are starting to break into commercial markets, too. Wearables in the workplace are becoming increasingly common.
As many as 21% of American adults regularly wear a fitness tracker or smartwatch, and 26% of companies in some industries plan to invest in similar technology. This trend has many advantages, but the coinciding rising attack surface may raise alarms for security professionals. If businesses hope to capitalize on all the uses for wearable devices, they must implement them carefully.
Why Use Wearables in the Workplace?
Wearables do introduce more complex security considerations, but they have many benefits. Wearable location sensors can improve workplace visibility. Many companies used these systems to enable social distancing amid COVID-19, and they can help prevent collisions in other situations.
Alternatively, health sensors can alert workers when they need to take a break to avoid overexertion. Trends from this data can reveal if some workflows are too strenuous and need improvements. Safety wearables have created a 52% injury reduction year-over-year in some areas.
Safety is just one of the uses for wearable devices in the workplace. Augmented reality (AR) glasses can help streamline training and prevent mistakes, offering hands-free, accessible guides to new hires as they work. Similarly, wearables can make communicating and working with colleagues easier, enabling higher productivity.
Best Practices for Wearable Security and Compliance
Businesses that want to make the most of wearables in the workplace must address their security and privacy concerns. Wearables are notorious for lacking built-in protections, and implementing additional data-gathering technologies can create more vulnerabilities and attract cybercriminals. In light of these risks, businesses should follow these five best practices.
1. Make Wearable Programs Optional
Many uses for wearable devices involve gathering personal data from employees. Consequently, you should follow the same guidelines as collecting website visitor data. Inform workers of the program, make it optional, and allow people to opt-out at any time if they change their minds.
While you may not face legal trouble for mandatory wearable programs, at least five states have enacted comprehensive data privacy laws, with more on the way. New restrictions could emerge as regulations develop, so it’s best to err on the side of caution.
Informing workers of potential risks and enabling them to opt-out can also minimize data collection. These devices would then pose a less concerning cybersecurity risk if a breach occurs.
2. Limit Data Permissions
Similarly, it’s best to collect as little information as possible through these wearables. Off-the-shelf solutions may record more information than you need, and any unnecessary data collection is an unnecessary risk.
Before implementing wearable programs, review the devices’ data permissions and restrict them accordingly. You should only collect information relevant to your end goals, which may require turning some features off. Limiting what other network data devices can access is also important to restrict lateral movement.
Similar best practices apply to how businesses store the data they collect through wearables. Some information doesn’t need long-term storage at all, and some become obsolete after a period. Deleting it once it’s no longer relevant helps make companies smaller targets and minimizes the impact of potential breaches.
3. Change Default Passwords and Settings
Many IoT devices’ default settings introduce security risks. Some automatically connect to others on the network by default, increasing your attack surface. Others may have weak passwords or not require passwords at all. Changing these settings is a crucial part of safely using wearables in the workplace.
Passwords are one of the most important settings to address, as the defaults are often easy for cybercriminals to break through. Like any other password-protected account, you should change these passwords regularly and enable multifactor authentication if available.
Any features that don’t actively support your end goals are unnecessary, so you should disable them. The less these devices can do on the network, the less help they’ll be to cybercriminals trying to access more sensitive systems and data.
4. Segment Networks
Another best practice for workplace wearables is to embrace network segmentation. Several actions can make wearables more secure, but they’re still more vulnerable than other devices in many cases. Keeping them separate from other, more sensitive systems mitigates this risk.
Segment your networks so wearable devices can only communicate with each other and nothing else. This will let you experience the full benefits of their many uses without turning them into entry points to more valuable data. If a hacker breaches one of these devices, the damage they can do will be minimal.
Setting up a guest network on the same router is sufficient in many environments. If you have more complex IT networks or sensitive data, you may consider using an entirely separate Wi-Fi network with different routers for wearables.
5. Encrypt Data
It’s also important to encrypt all data collection and transmission from wearable devices. That begins with buying wearables with built-in encryption measures and activating them before use.
Similarly, businesses should encrypt the Wi-Fi networks that host this data as it travels between devices. It’s best to use WPA3-capable routers if possible, as these support up to 384-bit encryption and have additional security features.
Finally, businesses must encrypt their wearable data wherever they store it. Regardless of how long you hold on to this information, you should encrypt it in storage to minimize the impact of a breach.
Make the Most of Wearables in the Workplace
There are many uses for wearable devices in the workplace, but they all need strong security to reach their full potential. Follow best practices and secure gadgets to fully capitalize on them without putting employees’ data or other company systems at risk. You’ll then protect your investment and your business as a whole.
Emily Newton is the Editor-in-Chief at Revolutionized Magazine. A regular contributor to Brilliance Security Magazine, she has over four years of experience writing articles in the industrial sector.