Wearable devices are coming to the workplace. As noted by ReadWrite, an estimated 72.1 million wearables will ship to consumers in 2015. Many will be used both at home and the office. Fitness trackers, designed to measure things like heart rate, steps taken and sleep patterns, are the most popular type of wearables. As these devices appear in the workplace, a worrisome question arises: Is fitness tracker security capable of defending company networks?
On the surface, fitness trackers may not seem like much of a security concern. Their small size and limited network connectivity make them appear non-threatening and disconnected from the more critical functions of a company's system. But as security researchers recently discovered, popular trackers may be vulnerable to malware infections, Engadget reports. Hackers must be close by and the size of malware is limited, but their tiny tendril of network connection to the larger corporate infrastructure may offer just the boost the malware needs to become a full-blown IT problem.
Is that scenario a long shot? Sure, but as proof of concept goes, it is pretty cut-and-dry: Fitness trackers are not inherently secure.
Fitness trackers, mobile devices, wireless sensors and "smart" appliances collectively make up the Internet of Things, a rising tide of monitoring technology. While this always-on network offers real benefits for companies looking to get a clear picture of their business end-to-end, It Pro Portal points out that device security is lagging behind innovation. This is unsurprising, because companies want to be first-to-market and security may often be considered an "afterthought" in those early stages.
As noted by CNBC, meanwhile, cybercriminals are taking notice of the massive market share represented by wearables. Research firm Forrester predicts that in 2016 hackers will release ransomware for a medical device or wearable.
Are fitness trackers a risk to your security? Absolutely. As with any Internet-connected device, security tends to land lower on the priority list; with functionality and usability sometimes trumping defense. One option is to outlaw the use of these devices in your office. However, just as clamping down on cloud applications leads to the rise of "shadow IT," trying to eliminate fitness trackers will likely result in surreptitious use. Solving the problem, therefore, requires company oversight, either in the form of local IT management using device-monitoring software or by leveraging a third-party service to keep tabs on these devices on the network.
Right now, hackers don't have to break a sweat if they want to crack fitness tracker security. Until security catches up with demand, small and middle-market companies are on the hook to secure these devices and keep their networks healthy.
SIGN UP FOR THE THRIVE NEWSLETTER