Integrity Blog

Acceptable Use Policies and Rules of Behavior for Wearable Technology

Intellectual capital. Trade secrets. Personal Health Information. These are examples of information that organizations invest significant resources to protect through administrative, technical, and physical controls. A breach of this information, or of a host of other types of information, could result in significant losses for a company: reputation, clients, and finances among them.

Acceptable Use Policies and Rules of Behavior generally tell employees what is acceptable and unacceptable in their use of company IT, email, and social media. However, they don’t usually provide policies or guidance on the use of an employee’s wearable technologies. Though many companies have Bring Your Own Device (BYOD) policies and are implementing mobile device management, wearable technologies are not normally considered. “May we install an encrypted container on your smart watch?” may draw some inquisitive looks from employees.

Today, large manufacturers are “all-in” with the Internet of Things (IoT), investing millions of dollars in the next great wearable technology, as well as other IoT technologies. Smaller sensors, improved miniature batteries, and various forms of communications – Bluetooth and ZigBee among them – are making wearable technologies possible. But if your organization is not assessing the risks posed by wearable technologies to the organization’s security and privacy, it should.

Already, “connected” watches, eyewear, jackets, gloves, and even shoes are on the market. These technologies are proliferating quickly, adding to the potential risks that organizations need to consider. While Google Glass was in development and getting a lot of attention, “smart eyewear” such as PivotHead was already on the market. Up to 1080p video capture. Check. 8 megapixel photos. Check. Audio capture. Check. Wi-Fi and 4G LTE compliant. Check. All from what looks like a (fairly) normal pair of sunglasses. Oh, and don’t forget the live broadcasting. Check.

Life-logging devices, such as Narrative (formerly Memoto), have already been introduced into work areas, silently snapping photos and sending those photos to the user’s cell phone. Compare this device’s form factor with the seemingly innocuous Tile, which helps a user find their keys (or other Tile-equipped belongings).

The kapture wrist-worn audio recording device sure could be mistaken for an activity tracker by others in the meeting, all while it sends audio clips to the user’s cell phone, which the company asked to be left outside the meeting room.

With a flood of IoT devices – especially wearable technologies – into the marketplace and company offices, and with limited resources to track all these devices and their capabilities, protecting critical and sensitive data is becoming a challenge for companies. However, organizations should start to include wearable technologies within their risk and security discussions if they are not already doing so. Many of these devices have capabilities which could be used to quietly and surreptitiously capture information, causing a breach or other security incident.

----------
Disclaimer: this blog is not intended to endorse any manufacturer or product.

Other benefits provided by security information and event management

While the main purpose of a Security Information and Event Management (SIEM) solution is monitoring networks for security incidents, there are other great benefits that can be realized as well. These other benefits help complement your security efforts and present you a well-rounded approach to developing your information security program.

Troubleshooting

The most obvious, non-security benefit is troubleshooting. With all logs gathered in one searchable location, naturally it is easier to find information you need in order to diagnose network or server issues. When performing traditional troubleshooting it is common to “trace” an issue through devices, searching for information in each device’s logs. With a SIEM solution, you can perform this task in one place with an interface that allows you to search logs from all of your devices using simple keywords or advanced filters to find exactly what you need. This can greatly reduce the time needed to resolve everyday troubleshooting issues. While this is the most noticeable benefit, there are a couple more non-security benefits that are worth noting.

Performance and Availability Monitoring

One benefit of a SIEM solution that is sometimes overlooked is the ability to monitor performance and availability, such as network performance and availability and the system performance of a server. One way a SIEM solution accomplishes this is by retrieving and displaying performance statistics through SNMP. Built-in dashboard functions can give you a real-time snapshot of network assets. You can access statistics such as throughput and utilization of network interfaces on a switch, CPU and memory utilization, or even free and used space on a hard drive, all from a central location. Another method for monitoring availability is the use of Synthetic Transaction Monitors (STMs). STMs are basically automated tests configured to verify the availability of services and applications from within your network. Examples of this would include automated SQL queries to test the availability of a database, or scripts configured with a username and password to verify the ability to log in to a web portal.
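As an added illustration (not code from the original article or from any SIEM product), the sketch below shows the SQL-query style of synthetic transaction described above: it runs a known query, checks the answer and the response time, and produces a key=value event a SIEM could ingest. The in-memory SQLite database, the `heartbeat` table, and the event field names are assumptions standing in for a real database and log schema.

```python
import sqlite3
import time

def run_sql_probe(connect, query, expected, max_seconds=2.0):
    """Run one synthetic transaction and return a result dict."""
    started = time.monotonic()
    status, detail = "up", "ok"
    try:
        conn = connect()
        try:
            row = conn.execute(query).fetchone()
        finally:
            conn.close()
        # A reachable database that returns the wrong answer is not healthy.
        if row is None or row[0] != expected:
            status, detail = "degraded", f"unexpected result {row!r}"
    except Exception as exc:  # connection or query failure: service is down
        status, detail = "down", f"{type(exc).__name__}: {exc}"
    elapsed = time.monotonic() - started
    if status == "up" and elapsed > max_seconds:
        status, detail = "degraded", "slow response"
    return {"check": "sql_probe", "status": status,
            "latency_ms": round(elapsed * 1000, 1), "detail": detail}

def to_event(result):
    """Flatten the result into a key=value line for log collection."""
    return " ".join(f'{key}="{value}"' for key, value in result.items())

# Constructed stand-ins for a production database (assumptions).
def healthy_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE heartbeat (ok INTEGER)")
    conn.execute("INSERT INTO heartbeat VALUES (1)")
    return conn

def broken_db():
    return sqlite3.connect(":memory:")  # table missing, so the query fails

if __name__ == "__main__":
    for db in (healthy_db, broken_db):
        print(to_event(run_sql_probe(db, "SELECT ok FROM heartbeat", 1)))
```

A probe like this should use a dedicated, least-privileged account, since its credentials sit in a script that runs unattended.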

Reporting

Another extremely valuable function of a SIEM solution is its extensive reporting capabilities. Reporting can be valuable for monitoring metrics of everyday network activity, such as bandwidth usage, file transfer sizes, or how many users are logging in on a daily basis. Reports can also be used as an internal check to ensure compliance, or as quick-and-easy proof to an auditor that the ever-increasing demands are being met.

SIEM solutions will continue to be heavily security focused, as security is the main function of SIEM. However, we shouldn’t overlook the other benefits of a SIEM solution. Troubleshooting, performance and availability monitoring, and robust reporting capabilities are all fantastic benefits that can be harnessed to create greater visibility of your network environment.

This article was originally written for the IowaBiz blog October 2015.

Remote Access can sink your business.

Providing the ability to access critical systems and data via remote locations is critical for most organizations today. Allowing employees to work from home if they have sick kids, employing remote office workers to attract and retain top talent, and enabling disaster recovery and business continuity procedures are all valid reasons that companies implement remote access.

If not implemented properly, however, unauthorized users are just as likely to gain access to the crown jewels as your employees. One of the easiest ways to hack an organization is through the remote access provided to employees.

Outdated Operating Systems

Windows 2003 is still frequently used to provide remote access to employees, students, contractors and vendors. This operating system was released 12 years ago. Consider the following things that happened in 2003. Apple iTunes was released with just 200,000 songs. The movie "Finding Nemo" was released. LeBron James was an NBA rookie. And the first iPhone was still four years away.

Kind of makes 2003 seem like an eternity ago, doesn’t it? From a technology perspective it might as well have been a century ago.

Just because it works doesn't mean it's secure

Often we implement technology solutions which seem to continue to work well and serve their purpose. Because they are working, we leave them alone. What we fail to do is continually review the risks to our business as the technology matures and the threats evolve. Remote access is a perfect example.

It is not just Windows 2003 Terminal Services that are out of date. Firewalls, VPN concentrators, Citrix Remote Desktops, and other tools have had vulnerabilities discovered which need to be remediated. Not using two-factor authentication or not using application virtualization and proxies to deliver applications remotely are areas where organizations are assuming too much risk as well.

Successful attacks against remote access

Two of the recent data breaches Integrity has investigated started with attacks against remote access. Once the hacker was able to control the remote access system, they had the opportunity to gain access to vital systems and data at the victim organization. Because this was expected behavior and the systems weren’t closely monitored, the hacking activity went unnoticed for months.

Systems that haven’t been patched, or where the architecture hasn’t been updated to address the evolving threats of today’s world, are most at risk. The security event logs from these remote access systems must also be closely monitored to identify attacks and provide appropriate response times.
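As an added illustration of that monitoring (not code from the original post or from the investigations it mentions), the sketch below reviews remote access logon events for two patterns that blend into expected behavior: a successful logon right after repeated failures, and a successful logon from a source address the user has not used before. The log format, field names, thresholds, and sample lines are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in a hypothetical key=value format.
SAMPLE_LOG = """\
2015-10-01T08:02:11 user=asmith src=198.51.100.20 result=SUCCESS
2015-10-01T08:05:40 user=bjones src=198.51.100.31 result=SUCCESS
2015-10-02T02:14:01 user=asmith src=203.0.113.7 result=FAIL
2015-10-02T02:14:09 user=asmith src=203.0.113.7 result=FAIL
2015-10-02T02:14:15 user=asmith src=203.0.113.7 result=FAIL
2015-10-02T02:14:30 user=asmith src=203.0.113.7 result=SUCCESS
2015-10-02T08:01:00 user=bjones src=198.51.100.31 result=SUCCESS
"""

def parse(line):
    """Split 'timestamp key=value ...' into a dict with a datetime."""
    stamp, *pairs = line.split()
    event = dict(pair.split("=", 1) for pair in pairs)
    event["time"] = datetime.fromisoformat(stamp)
    return event

def review_logons(text, fail_threshold=3, window=timedelta(minutes=10)):
    """Return (alert, user, source) tuples for logons worth a second look."""
    known = defaultdict(set)      # user -> sources with an earlier success
    failures = defaultdict(list)  # (user, source) -> failure times
    alerts = []
    for event in map(parse, filter(None, text.splitlines())):
        user, src, when = event["user"], event["src"], event["time"]
        key = (user, src)
        if event["result"] == "FAIL":
            failures[key].append(when)
            continue
        # Success: count the failures that came just before it.
        recent = [t for t in failures[key] if when - t <= window]
        if len(recent) >= fail_threshold:
            alerts.append(("success_after_failures", user, src))
        # Only alert on a new source once the user has some history.
        if known[user] and src not in known[user]:
            alerts.append(("new_source_for_user", user, src))
        known[user].add(src)
        failures[key].clear()
    return alerts

if __name__ == "__main__":
    for alert in review_logons(SAMPLE_LOG):
        print(alert)
```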

Reviewing your technology

The risks to your business and customers from remote access are great. This is one area of technology that requires constant risk assessment, technology updates or upgrades, and thorough security monitoring. Protecting against hackers is often hard work, but sometimes it’s simply a matter of reviewing what’s already being done to ensure those efforts are still yielding the results you expect.