Wearing devices to work creates new risks around hacking, data security
(Reuters) — Wall Street is worried about wearables — not whether to invest in the next generation of interactive watches, wristbands and eyeglasses — but the cybersecurity risks that brokers present when they wear them to work.
New technology, such as Google Inc's Google Glass, a tiny computer mounted on eyeglasses, could create new challenges for safekeeping client data, brokerage executives and regulators say. The more devices people bring to work, the harder it is to protect company systems from hacking.
More significantly, wearable devices may eventually look like any other fashion accessory, making it easier for the unethical — anyone from brokers to the cleaning crew — to scan documents and other sensitive data without supervisors noticing, they say.
"You only know about the devices your people tell you about," a Financial Industry Regulatory Authority (FINRA) official said at the Wall Street-funded regulator's annual conference late last month.
The worries are surfacing as Google is rolling out new frames by designer Diane von Furstenberg this week.
Of course, Google Glass wearers are easy to spot because of the device's distinct look. People can also use their smartphones to take pictures of things that they shouldn't. But Glass and similar devices could eventually become less noticeable, a brokerage risk-management executive said at the FINRA conference.
Google Glass features, including a light-up screen and voice commands, let others know when users take a picture or video, a Google spokesman said in an email. It is unclear, however, whether anyone nearby would notice. Meanwhile, another type of wearable device is increasing in popularity. The market for smart watches, made by Samsung Electronics Co Ltd, Sony Corp and others, will triple this year over 2013, according to data firm IDC. Apple Inc begins production of its first smart watch in July.
Bring your own device
Brokerage firms may not be able to stop occasional rogue employees from misusing wearable devices. But they should prepare for risks posed by well-meaning employees who want to use the latest personal devices for legitimate reasons, such as receiving work email, electronic privacy experts say.
The use of a growing number of personal devices for work creates opportunities for viruses to infect company servers, said Mike Weber, vice president of Coalfire Labs, in an interview. The unit of Denver-based Coalfire Systems Inc advises businesses on information security. Employees may also lose devices, giving hackers potential access to sensitive data.
Some firms and FINRA itself already let employees receive company email on personal devices. Software can help fend off hackers by encrypting company information on an employee's personal smartphone and separating it from personal data.
Technology professionals can tweak the software for wearable devices, said Nicko van Someren, chief technology officer of Good Technology Corp in Sunnyvale, California. That's especially important for wristwatch devices used for client email.
"We're not expecting any of the problems to get easier because the screen is smaller," he said.