As smartwatches and other wearables gain popularity, experts are warning of potential data security risks in workplaces.
Some employees have begun connecting their personal smartwatches with corporate Wi-Fi networks, which could mimic the problems caused when personal smartphones started showing up at work several years ago. That earlier bring-your-own-device (BYOD) trend fostered an explosion of software products from various vendors for managing devices securely, alongside laptops and desktops.
As wearables begin to flood the workplace, the risk to employers could begin to look like "BYOD on steroids," said Peter Gillespie, an attorney at Fisher Phillips, a national labor and employment law firm representing employers.
Gillespie is concerned that as smartwatches are allowed to attach to emails -- or internal productivity software in some cases -- vital corporate and personal data could be lost, stolen or corrupted.
The problem is only just emerging and few companies seem to understand the potential harms, Gillespie and others said.
"As of now, wearables and Internet of Things devices are not getting attached to employer networks and so it's not been viewed as a serious problem," Gillespie said in an interview. "But I do think employer IT and HR departments should be aware that the consumer rollout of wearables has not been designed with enterprise data security in mind."
He's unaware of even a single example of a user of a personally owned wearable device creating a data security problem for a company, but added: "It's something we're looking at in terms of anticipating potential problems before they happen."
Many smartwatches connect to data via a smartphone over Bluetooth, but some are being sold with cellular connectivity and can provide a user's GPS location and other data. If connected to a corporate directory and other corporate data, there's the potential, albeit small, that such data could be hacked. Or a user's health and fitness data could be hacked, depending on how a company configures its network security.
"It's very difficult to anticipate how creative folks can get about pulling off data and making use of it...and whether that turns into a problem," Gillespie added.
Phil Hochmuth, an analyst at IDC, said enterprises recognize the use of personally owned wearables on corporate networks as a potential security issue. "They are looking for solutions to get ahead of it, although not on a large scale," he said.
So far, typically only a handful of workers in a given company will use a wearable to gain access to email or customer relationship management tools like those available from Salesforce, Hochmuth said. "So far, it's not like businesses are deploying these kinds of wearables widely," he said.
Hochmuth said the corporate risk associated with a consumer wearable inside an enterprise is similar to the BYOD smartphone risk. "They're both connected devices, likely owned by a worker, and in some cases can store a lot of data or sync with corporate apps that contain sensitive information," he said. "A device like an Apple Watch could be seen as a risk if the phone is corporate-owned but the watch isn't."
Sign up for MIS Asia eNewsletters.