Many businesses have implemented a Bring Your Own Device (BYOD), allowing employees to use personal laptops, tablets and smartphones to access company data and resources. Some businesses have gone further and implemented a Bring Your Own Application (BYOA) policy too, allowing employees to use their own applications.
And now there’s Wear Your Own Device. WYOD refers to devices which are often worn on the body like fitness bands and smart watches. There’s smart footwear too, capable of charging your phone, providing a WiFi hotspot and tracking your location without anyone else being aware.
Wearables can even visually appear to be like tattoos or implanted in the body. Hannes Sjoblad, the Chief Disruption Officer at Epicenter in Stockholm, Sweden, has had a radio-frequency identification (RFID) microchip implanted under his skin. It lets him swipe into his office, set the alarm system, register loyalty points at nearby retailers and access the gym.
There are other, less recognisable examples of wearables: Tiles are a small Bluetooth device which can be attached or placed inside anything you don’t want to lose, a briefcase or handbag perhaps.
A growing trend
According to some forecasts, the global wearables market is set to treble in size in the next five years and become worth over $25 billion by 2019. And with 5G connection capabilities on their way, new and ever more powerful wearable devices will be imagined and created.
Which raises some important questions for business performance, employee wellbeing and data security…
Tony Anscombe, Senior Security Evangelist for AVG Business, a global provider of security solutions, describes what’s at stake from a data security perspective, “As wearable devices become more prevalent among employees, suppliers and customers, there is a need for businesses to make sure they understand the risks and opportunities. These devices might offer deeper insight into an employee’s performance or personal life, but they also mean more entry points for hackers to exploit. Wearable devices, just like any other device, always need to be managed with security and privacy in mind.”
What and how is data being captured, stored and shared?
Whether company-owned or employee-owned, wearable devices brought into the work place might be capturing business data from within it, even if unintentionally. This was one of the drawbacks of Google Glass. Other people didn’t know what the glasses were seeing and hearing at any given time. They could have been broadcasting confidential meetings or taking images of sensitive documents.
Employees themselves may not be aware how their wearable works, what data is being captured or how it's being shared. Few people read the privacy policy, app permissions or delve deeply into a product’s full list of capabilities. Should an employer then have the right to examine the device to make sure it’s not a security risk? Does an employee have the right to withhold disclosing the device or its data? It’s open to debate and a lack of knowledge is itself a risk.
As Anscombe makes clear, “Without awareness and understanding of who is using which device, you can't manage and control your business data security effectively. Employees and the business might be left wide open to being hacked without realising it.”
What can the data be used for?
Could a company-owned wearable be used to measure and improve an employee’s productivity?
For instance, Tesco supermarket gave digital armbands to employees to track the goods they were gathering from the 87 aisles in its distribution centre in Ireland. This band freed up time they would have otherwise spent marking clipboards. It also assigned tasks to the wearer, forecast a completion time, and logged their movements throughout the centre’s 9.6 miles of three-story shelving.
The insight generated from the data enabled Tesco to achieve a significant efficiency gain: From 2007 to 2012, the number of full-time employees needed to run a 40,000-square-foot store dropped by 18%.
That was good news for the business from a cost-control perspective. However, some employees expressed natural and sincere concerns about Big Brother style surveillance, and how the system seemed only to evaluate their performance based on speed, not quality.
Alternatively, employee-owned wearables might present latent opportunities to improve wellbeing at work.
For example: a diabetic employee wearing a personal fitness band, monitoring their blood sugar levels, might chose to include their line manager – or other trusted colleague – on the list of people the device should alert in case of emergency. Doing so might help the employee feel more confident at work and enable the business to provide the right kind of support, irrespective of performance targets.
Who owns the data and device?
What if it’s not an employee but a freelancer, contractor or customer who brings a wearable into your office? While suppliers may have to agree to your Bring (or Wear) Your Own Device policy, it might not be legally applicable to customers, not to mention unpopular and unenforceable.
What next?
From a policy perspective, banning wearables from the workplace all together doesn’t appear to be a practical option. Devices inserted within the body may go legitimately undisclosed. If you already have a BYOD policy in place, you’ll be in better shape for WYOD. Here are a five areas to consider expanding with respect to wearable devices:
1. Employee-owned – The conditions of use of employee-owned wearable devices in the workplace or on company business.
2. Company-owned – The conditions of use of company-owned wearable devices wherever they’re used.
3. Monitoring and Usage – How wearable devices will be monitored and in which ways the data may be used.
4. Social Media – Explain how the device and its data should be managed with respect to social media.
5. Breach – Details on what happens if a policy breach occurs or is suspected and the consequences.
From a business performance and data security perspective, the following five tips will help you manage wearables in the workplace:
1. Awareness – What is the device and where is it located?
2. Capabilities – What data is the device capturing and sharing, with whom, when and how?
3. Ownership, access and opportunity – Is this a business or personal device? How can the data it captures be used to enhance productivity and employee wellbeing? Can business data be partitioned and wiped remotely? If the device is implanted within the body, access to it might be severely restricted or off limits entirely.
4. Technical protection – It’s essential to use firewalls, antivirus, strong passwords, two-factor authentication and keep devices updated with the latest software patches.
5. Ethics – Ensure there is a clear BYOD/WYOD policy in place.
Wearable technology is rapidly evolving and its use by individuals and businesses alike is expanding. Even if some wearables fail, like Google Glass, other products will be developed to replace them. No doubt we'll see plenty released at this year’s Wearable Europe conference in Berlin.
As wearable tech develops, and the culture surrounding its use becomes clearer, it will become easier to identify opportunities to enhance productivity, employee wellbeing, and the risks to business data.
