Pratum Blog

Acceptable Use Policies and Rules of Behavior for Wearable Technology

Intellectual capital. Trade secrets. Personal Health Information. These are examples of information that organizations invest significant resources to protect through administrative, technical, and physical controls. A breach of this information, or of a host of other types of information, could result in significant losses for a company: reputation, clients, and finances among them.

Acceptable Use Policies and Rules of Behavior generally tell employees what is acceptable and unacceptable in their use of company IT, email, and social media. However, they don’t usually provide policies or guidance on the use of an employee’s wearable technologies. Though many companies have Bring Your Own Device (BYOD) policies and are implementing mobile device management, wearable technologies are not normally considered. “May we install an encrypted container on your smart watch?” may draw some inquisitive looks from employees.

Today, large manufacturers are “all-in” with the Internet of Things (IoT), investing millions of dollars in the next great wearable technology, as well as other IoT technologies. Smaller sensors, improved miniature batteries, and various forms of communications – Bluetooth and ZigBee among them – are making wearable technologies possible. But if your organization is not assessing the risks posed by wearable technologies to the organization’s security and privacy, it should.

Already, “connected” watches, eyewear, jackets, gloves, and even shoes are on the market. These technologies are proliferating quickly, adding to the potential risks that organizations need to consider. While Google Glass was in development and getting a lot of attention, “smart eyewear” such as PivotHead was already on the market. Up to 1080p video capture. Check. 8-megapixel photos. Check. Audio capture. Check. Wi-Fi and 4G LTE compliant. Check. All from what looks like a (fairly) normal pair of sunglasses. Oh, and don’t forget the live broadcasting. Check.

Life-logging devices, such as Narrative (formerly Memoto), have already been introduced into work areas, silently snapping photos and sending those photos to the user’s cell phone. Compare this device’s form factor with the seemingly innocuous Tile, which helps a user find their keys (or other Tile-equipped belongings).

The Kapture wrist-worn audio recording device sure could be mistaken for an activity tracker by others in the meeting, all while it sends audio clips to the user’s cell phone, which the company asked to be left outside the meeting room.

With a flood of IoT devices – especially wearable technologies – into the marketplace and company offices, and with limited resources to track all these devices and their capabilities, keeping up is becoming a challenge for companies as they try to protect critical and sensitive data. Even so, organizations should start to include wearable technologies within their risk and security discussions if they are not already doing so. Many of these devices have capabilities that could be used to quietly and surreptitiously capture information, causing a breach or other security incident.

Disclaimer: this blog is not intended to endorse any manufacturer or product.
