7. Limit access to employee fitness and wellness data
To run a successful wellness program or fitness challenge, an enterprise needs opt-in data from participating employees, such as how many steps they’ve taken. But you should restrict wellness program data access to those who need it to run the program, advises McDonough.
8. Get a clear picture of everything connecting to the enterprise network
“Understanding the full inventory of assets connecting to your enterprise network is critical,” says Anand. “You can’t protect what you don’t realize is on your network, so a process to profile and set policies for all devices that wearables would connect to on your network is an important first step.”
Wearables “should be treated as potential threats like any other computing device,” notes McNeil. “Keep an inventory of them, utilize mobile device management to understand which employees are using related mobile applications on their phone, and ensure that communications used by these devices and companion software are observed to leverage proper encryption over the network.”
9. Require multi-factor authentication
CISOs should require employees to use multi-factor authentication on their smartphones “as an added layer of protection,” Anand says. He also advises them to “use behavioral analytics to identify abnormal patterns of IT access and usage. At the first sign of suspicious behavior associated with a user’s smartphone that is a known participant of a wellness program, IT can act to mitigate any potential damage.”
10. Prepare for security and privacy risks, especially in the short term
We’re “a long way” from “IoT anti-malware solutions,” notes Pollard. Wearables use a variety of third-party components, operating systems and software—there’s no standard dominant operating system, such as Microsoft Windows, to standardize or build upon, he explains.
So the road is likely to be rocky in the near term. In the long term, the security situation will improve, Manzuik says. But it could take a few high-profile vulnerabilities or hacks to get us there.