Do your workplace policies cover wearable devices? Many commercial and Government facilities ban cameras and cellular phones with cameras, but having such policies and not enforcing them can hurt you in the wake of a successful attack.
If you routinely ignore a security policy and someone violates it, then you may be left holding the bag — I’ve seen it play out in criminal charges.
Today’s risk is increasing. Uncontrolled wireless devices are being introduced in increasing rates — from Smart Phones to tables, we’ve all started to deal with mobile device security issues, but what about wearables?
The most obvious device that’s going to produce a plethora of security and social issues is Google Glass and it’s clones. From company secrets to Human Resources issues (staged and real) to non-work activity, the always-available video recording of the workplace environment means new risks in data loss prevention (DLP).
Traditional DLP solutions don’t work on still images, let alone video streams. A customer service agent could record all transactions for a day without much effort. Retail clerks and wait staff could easily record all credit cards, including validation codes.
Accident and insurance fraud from staged accidents in retail environments and automobile worlds are common. Staged falls, baited hostile workplace reactions and false sexual harassment claims are going to make both customers and employees who are prone to commit fraud on their own, or as a part of an organized group, may be facilitated by wearables.
Even if the employee themselves aren’t malicious, these devices and their data streams are going to be vulnerable to both malicious code and data theft. Think about the amount of thought your least-savvy employee puts into the selection of applications for their Smart Phone. Now imaging an always available, object and text-identifying device hanging off his ears and the bridge of his nose!
Moreover, as the technology matures, other wearable smart devices are going to create personal area networks (PANs) to interact with one another. Every manner of sensor available is going to be connected to clothing and accessories, and all that data will measure, quantify and collect everything in the work environment.
While attackers have long searched source code for bugs, they’ve always needed a copy of the program. Traditional corporate perimeters have sometimes made that acquisition more difficult. Home-based tele-workers and laptops made that perimeter more porous, but streaming wearable devices may make that pattern matching even more removed from the source material.
It’s not just video either! We’ve known for several years now that we can reconstruct keystrokes based upon sound input- from recorders, speakerphones and Voice Over IP (VoIP) systems, this threat has started to emerge slowly, but will eventually gain more traction. What’s next? Motion sensor readings from a smartwatch?
As wearable smart devices become more common, they may be as ubiquitous and as ignored as cameras on phones are today. Policies and procedures are the first defense, but eventually we’re going to need technical measures to help protect customer data, sensitive information and even personnel from staged events designed to provide leverage over employees or management.