It’s interesting to see wearables starting to dominate some of the discussions around cybersecurity. While we are all familiar with Bring Your Own Device (BYOD), and some of us also with Choose Your Own Device (CYOD), we are likely to hear much more about Wear Your Own Device (WYOD) and its impact on data security over the coming months.
Most companies have put in place controls and processes to manage BYOD (which includes mobile devices such as phones and tablets) and CYOD (a choice of devices pre-approved by the business) – yet wearables and connected devices are not typically considered part of an organisation’s risk management strategy.
As more devices become connected, the security implications will grow. Worryingly, most of these devices will not be looked upon as a security risk, and wearables can (and will) be exploited as any other connected device. Smart watches, glasses and TVs are all potential entry points to an organisation’s infrastructure.
As always with advances in technology, there is a fine balance to be struck with the advantages that wearables bring to a business and its employees, and its need to protect sensitive information.
Before banning wearables, there are practical steps that organisations can take in order to minimise the security exposure that WYOD brings as they may enable innovation and personal efficiency. Putting the risks in context is essential and to also put in place the necessary policies as an extension of their BYOD policy. These should then be enforced with network and access control systems, extending protection to wearable devices which will typically be connected over Bluetooth or wireless. Finally, look towards analysing logs effectively and efficiently which can be achieved through working with a Managed Security Services Provider (MSSP) to correlate the increase data that these devices will generate.
There is little doubt that BYOD/WYOD will continue to impact on every business. As more sensitive information moves to consumer devices, your business needs a robust and flexible security policy to ensure data, networks and the transmission of this sensitive information is safe and secure.