The Walking into Wearable Threats report shows that it’s not just employees accelerating the influx of wearables into the business environment:

  • Sixty-one per cent of UK respondents say their organisation actively encourages the use of wearables in the workplace
  • A quarter (25%) say their workplace is either in the midst of rolling out devices or already using them; with smartwatches the most popular device (65%) closely followed by activity trackers (58%), such as Fitbit and Jawbone UP
  • A further 19 per cent of respondents are interested in implementing wearables in the near future

The top reasons for deploying, or potentially deploying, wearables include improving staff productivity and incorporating the devices in a broader Bring Your Own Device (BYOD) programme. Over a quarter (27%) of respondents who are implementing wearables, or are interested in doing so, say wearable devices are required as part of a business insurance programme.

Cloud services company, Appirio has introduced CloudFit, a voluntary wearable device programme, as part of a company-wide initiative to improve staff well-being. “Since incorporating CloudFit we have witnessed the growth of a healthy competitive and collaborative environment,” said Tim Medforth, SVP at Appirio.

“By using a Fitbit device and our volunteer CloudFit program, staff are not only getting healthier, but also working better as a team. An unintended benefit has been the reduction in our health insurance costs. But it’s so much more than the insurance benefits – it’s about being a great place to work and creating a productive, engaging and fun environment.”

 

Wearable security risks

The vast majority (85%) of UK respondents in the study are aware that wearables present IT security risks, such as data theft, identified by 47 per cent of IT decision makers, and auto-syncing of company data (34%). Yet almost two-thirds (64%) of respondents are not concerned with the proliferation of wearables in the workplace.

According to Raimund Genes, CTO of Trend Micro, they should be, particularly as three quarters (76%) allow staff to access corporate data on their personal mobile devices, and nearly one in ten (9%) of this group say their organisation has no security protocols or guidelines for personal devices that connect to corporate data.

“Any new device that enters the business environment presents a security risk, and it is inevitable that wearables will connect to corporate data, just like other smart devices,” he said. “These threats will only increase as wearables become more sophisticated and more of them enter the enterprise. It is crucial that organisations think about the measures they can take to minimise the threat from wearables, before they become as omnipresent as smartphones.”

The report suggests that the majority of IT decision makers appreciate that action will need to be taken at some stage. More than eight in ten (82%) UK respondents think that their organisations’ IT or BYOD security policies will have to change to account for wearables. Half of respondents (50%) feel that their organisation needs to introduce limitations on data captured by wearables, and 43 per cent think that their security policies should become more stringent. The majority (73%) of those interviewed agree that businesses should introduce a wearable device policy.

According to Vinod Bange, partner and data protection specialist at international law firm Taylor Wessing, “A smartwatch tracking health metrics like blood pressure and heart rate during a normal day, or perhaps during exercise, could mean people literally wear their hearts on their sleeve. The question inevitably focusses on whether the individual has any understanding of what happens to that data when the wearable is ‘connected’?

“Data Protection Regulators are increasingly concerned about the fundamental points of transparency and consent in relation to the sharing of such sensitive personal data.  Regulators are keen that users are made fully aware of what will happen to such data and that ‘choice’ is prominently built into the use of the devices. There is no doubt that the entire data cycle flowing from wearables should be subject to stringent control measures as identified through a ‘privacy by design’ model,” added Bange.

Genes concludes by urging UK organisations to act as soon as possible to tackle the security risks raised by wearables at work. “We expect the growth of wearables to accelerate markedly when the Apple Watch launches in Spring 2015, so it isn’t too early to put the necessary IT security measures in place, covering people, processes and technology. Along with introducing new or amended security policies, technology such as end point security, encryption and Data Loss Prevention need to be deployed.”