The biggest vulnerability is in the Bluetooth connection wearables usually share with a smartphone. Any device that connects to the internet carries the risk of an attack, but many wearables use smartphones as a go-between rather than functioning as a standalone smart device. Wearables themselves are currently more of a theoretical (but still legit) risk, with more security compromises thus far coming from devices connected to wearables or compromised external databases. But that doesn’t mean you can throw caution to the wind.
As always, you should be mindful of any apps or other software you intend to install on your wearables. Make sure they’re from trusted (and legitimate, as sometimes attackers will post an official-looking app while pretending to be the associated company) sources, and take at least a few moments to do some sleuthing (checking user reviews, browsing discussion forums, or even searching “is [app name] safe?”) before you install something you aren’t confident with.
This goes double for your smartphone. But in addition to staying vigilant about apps that look official but may still feel a bit off, you’ll also want to pay close attention to app permissions. Not all apps need to know your location, have access to your photos, etc. So if any permissions seem odd for a particular app, restrict them, and don’t be afraid to delete apps that appear to be acting suspiciously.