
4 strategies for your IT wearables policy

Without a formal plan or policy, wearables may expose your company to a security breach.

The adoption of smartwatches, smart glasses, and wearable scanners is projected to reach $55 billion by 2022, a fact that was not missed at the 2019 CES trade show (CES 2019: How Samsung Gear S3 became a surprise hit in the enterprise).

If your enterprise IT decision makers and business end users have not implemented formal plans or policies for wearables adoption, don't wait. Without a plan or policy, you are basically inviting a security breach of your company's data.


Wearables strategies

Below are four wearables strategies IT and end users should consider when formalizing plans or policies.

1. Identify present and future wearables use cases

Several compelling wearables use cases exist such as using wearables to monitor patients, equipping building inspectors with wearable glasses that transmit blueprints, or providing wearables to workers so that they can operate hands-free.

Let these successful use cases guide your company on where to best deploy wearables. Then as you deploy wearables, you and your end users will see other use patterns emerge for wearable applications.

Write these future patterns and applications into a multi-year IT strategic technology plan and cross-link it into other growth needs.

2. Check liability coverage for wearables security and data breach exposures

Healthcare tracking wearables successfully monitor patients and patients' medical information. Unfortunately, a potential security and data privacy exposure can lurk if a third party gains access to a patient's private healthcare data through a wearable device. Who receives the blame? The wearables manufacturer or the enterprise?

Make sure to address security breaches of wearables in your risk management strategy. Who gets the blame for a wearables breach is a nebulous area since the breach could have been at the device level or through the network. Also consider the argument that the wearables manufacturer is likely to put forth—that although it manufactured the breached wearable, you controlled and dispensed the device when the breach occurred.

The bottom line: IT risk management needs to address wearables. Companies should also confirm with their insurance liability providers that insurance covers a wearables breach.


3. Adapt smartphone lockdown and data policies to wearables

Wearables present several familiar and unfamiliar areas for a data breach. First, it is relatively easy to hack a wearable with password-fingerprint ID security. Second, the Bluetooth connection between wearables and smartphones that users operate in tandem is ripe for security intrusions and data breaches. Third, users may lose wearables in the field, along with the data residing on them. Fourth, in the BYOD environment that many companies operate in, wearables are bring your own, too. This makes it harder for IT to enforce security practices.

IT needs to address these concerns—at a minimum through security policies developed for smartphones. For example, networks should be allowed to monitor wearables and automatically lock down a wearable device if it is reported as lost.

4. Decide who supports wearables issues

Wearables introduce users to complications with wearable hardware, operating systems, networking, and applications. Where do these help calls get routed? Develop a help desk decision tree so that calls involving wearables get routed to the correct party for resolution.


About Mary Shacklett

Mary E. Shacklett is president of Transworld Data, a technology research and market development firm. Prior to founding the company, Mary was Senior Vice President of Marketing and Technology at TCCU, Inc., a financial services firm; Vice President o...
