5 Ways to Tell if Your Personal Device is a Security Threat
The article highlights the potential security risks of wearable devices in everyday life and offers five key recommendations: update firmware, lock down network connections, limit permissions, ensure IT management, and enable data encryption. These measures help protect personal data and corporate networks from cyberattacks.

2025-10-17 09:0:0 Author: www.guidepointsecurity.com

October is Cybersecurity Awareness Month (CAM). GuidePoint Security is proud to join the national effort, championed by the US National Cybersecurity Alliance (NCA) in collaboration with the Cybersecurity & Infrastructure Security Agency (CISA), to amplify essential cybersecurity practices under the 2025 themes: Stay Safe Online and Building a Cyber Strong America.

We all have devices: phones, smartwatches, tablets, fitness trackers, and even prescribed medical equipment like heart or glucose monitors. But how often do you think about the device security of those gadgets in your pocket or on your body?

Outdated firmware, default passwords, and unsecured connections can turn personal wearables into gateways for cyber attackers. Wearable technology enhances our daily lives, but it can also expand the attack surface of any network we encounter, including those at our places of employment. Even remote employees can unintentionally expose sensitive systems if their personal devices are compromised.

Understanding how to identify and secure potential weaknesses in wearables and portable systems is a crucial step toward keeping both personal data and corporate networks safe. Here are 5 ways to determine whether your devices are a threat to the networks around you, along with guidance on how to fix them:

1. Outdated Firmware is Making You Vulnerable

Firmware is the built-in code at the hardware layer that makes your devices run. Like anything that runs code, it can contain vulnerabilities. While operating system updates typically happen automatically, firmware often requires manual updating. Attackers actively look for devices running older firmware due to the prevalence of known exploits. If your wearable hasn’t been updated recently, it could serve as a weak link, allowing attackers to harvest data, hijack Bluetooth connections, or even pivot into other connected systems.

How to Update Firmware

Most devices have either a connected mobile app or a direct “settings” feature. Look for Firmware Update or Device Information in your app or device. You should see the current version and have the option to check for available updates. Some devices automatically update when connected to Wi-Fi or paired with your phone, while others require manual installation through the manufacturer’s website or support portal. Make it a habit to check your devices at least once per quarter or whenever prompted.

If the Firmware Can’t Be Updated

If your device has reached end-of-support or the manufacturer no longer provides updates, it’s time to consider retiring it, especially if it connects to your work phone, laptop, or network. Unsupported devices are effectively unpatched vulnerabilities. At minimum, disconnect them from sensitive systems, disable network features (like Bluetooth or Wi-Fi), and limit data-sharing to only what’s essential. When possible, replace legacy wearables with models that receive regular security updates and have a defined support lifecycle.

2. Unsecured Networks are Putting You at Risk

Wearables, cell phones, and tablets often sync data through Bluetooth or Wi-Fi. Many devices default to automatically connecting to open and publicly available networks and devices. As you go about your day, you might not even be aware that your devices are connecting, communicating, and even broadcasting. Meanwhile, attackers can intercept data or use those connections as a bridge into your phone, laptop, or even your corporate environment.

How to Lock Down Wi-Fi and Bluetooth

Ensure that you’re in charge of when and where your devices connect. Disable automatic pairing and require manual approval each time a new network or device requests access. Turn off Bluetooth and Wi-Fi when not in use, especially in public spaces, and remove saved networks you no longer trust or use. When connecting to known networks, always choose those that are protected by strong passwords and modern encryption standards.

If You Must Connect

Certain situations call for an internet connection or device pairing, even when the conditions are not optimal. If your wearable requires a constant connection for health monitoring, take extra precautions. Keep it paired only with trusted devices, enable any built-in encryption features, and avoid connecting through public Wi-Fi. If you need to access your corporate network in a public setting, use your phone’s hotspot instead of open networks, and further secure your connection using a company-approved virtual private network (VPN).

3. Your Devices are Listening, Watching, and Tracking Your Every Move

Many wearables, and phone applications, request more permissions than they actually need. Access to device location, personal contacts, messages, cameras, or microphones can create serious security risks. Storing personal information or credit card data on your device increases potential exposure for both you and your organization. Threat actors can exploit this data to track your movements, gather information for social engineering attacks, or directly exfiltrate sensitive information from apps that should never have had access in the first place.

How to Shut Down Access Permissions

Carefully consider what your device and applications need for operation. Most mobile apps provide settings that limit camera, microphone, and location access. These settings limit accessibility to properly authenticated and active sessions. Periodically review app permissions in your device settings and revoke anything that isn’t essential, and turn on multi-factor authentication (MFA) for application access whenever it’s available. Remember: apps and devices can sometimes reset default settings upon significant operating system updates. After any major update, verify that your saved security settings are still intact!

If You Can’t Restrict Permissions

If an app or wearable requires broad access that you can’t control, evaluate whether it’s truly necessary for your use when you’re near your corporate network. When possible, replace it with an alternative that respects privacy and limits data access. At a minimum, avoid syncing sensitive work or personal data through that device or app, and ensure your corporate VPN or security tools are in place to mitigate risk.

How to Store Information More Securely

If you must store sensitive information on a device, ensure it is in a secure location. Avoid placing corporate information on unmanaged and unmonitored devices or applications. You should never store sensitive information such as passwords, confidential data, and documents outside of approved applications and storage systems.

For personal information, consider reviewing your device’s built-in features. For example, while the “Notes” app may seem like a convenient place to store personal logins, credit card data, or your kids’ social security numbers, anyone who can open the device has free access to this information. Even someone simply looking over your shoulder can steal unsecured data. Instead, consider using a password manager, either from a trusted provider or the one shipped with your phone. These systems not only offer additional protection while passwords and other personal data are at rest, but they also obfuscate details and deter prying eyes.

4. You’re Flying Under the IT Radar

In many organizations, personal wearables fall outside the scope of IT oversight. These unmanaged devices represent a blind spot, even if you’re diligent in your personal security practices. Using your personal phone or smart watch to connect to corporate email, cloud storage, or internal networks may be convenient. But without IT security controls, logging, or monitoring in place, you could be putting your organization at risk. Unmanaged devices make it difficult for security teams to detect suspicious activity or enforce policies, increasing the risk of breaches, malware infections, or data leakage.

How to Verify Proper Device Management

Check if your company’s mobile device management (MDM) system can register and manage your personal device. Once your organization manages your device, the system typically enforces password rules, applies encryption protocols, and enables remote wipe capabilities. Always ensure the devices you connect to your organization’s systems comply with all Bring Your Own Device (BYOD) policies, and do not try to disable or circumvent organizational security settings.

If IT Management Isn’t Available

Treat any device that IT can’t manage as a potential risk. Limit its connection to work networks, avoid syncing sensitive company data, and use separate accounts for personal and work activities. Regularly audit your devices for unusual behavior. If you must use your personal device on your organization’s network, ensure that your IT team is aware and that they have signed off on the risk.

5. Unencrypted Data Leaks Happen Silently

Wearables often collect highly personal information. Health metrics, biometric data, geolocation, and sometimes even financial or corporate details all represent high-value targets for threat actors. If you transmit this data without encryption, attackers can intercept it and expose you and your organization to privacy breaches, identity theft, or targeted social engineering attacks.

How to Verify and Enable Encryption

Check your device and companion app settings to ensure they encrypt data in transit and at rest. Enable features like HTTPS, end-to-end encryption, and secure cloud storage. When you sync with your phone, laptop, or cloud accounts, use encrypted and password-protected connections. Use a corporate VPN to add another layer of security on public or untrusted networks, but wait until you’re on a secure connection before transferring sensitive data.

If Encryption Isn’t Available

If your wearable or app does not support encryption, limit what sensitive information you sync. Do not transmit corporate data, personal health metrics, or location details through that device. Consider replacing the device with a model that supports strong encryption standards and has an active security update policy.

Personal Device Security for Your Organization

Personal devices don’t have to be weak links in your organization’s security. GuidePoint Security can help you identify shadow Internet of Things (IoT) on your network, determine potential vulnerabilities, and implement best practices through an IoT Platform Assessment.

This October, take a moment to reflect: Are you and your employees practicing the Core 4 every day? Small steps, done consistently, can stop big threats. Cybersecurity is everyone’s job, and together, we can all do our part to stay safe online.

Source: https://www.guidepointsecurity.com/blog/5-ways-to-tell-if-your-personal-device-is-a-security-threat/