Secure remote working in the age of smart speakers

Ross O’Donovan, Information Security Practice Lead at Logicalis Ireland, outlines five ways of working securely with smart speakers and digital voice assistants like Siri, Alexa and Google in your home.

Due to the Covid-19 crisis, businesses across Ireland have had to adapt their processes and implement technologies to enable staff to effectively work from home. Of course, employees too have made changes to the way they work, ensuring that they have the connectivity to access work systems and the means to communicate with colleagues and customers.

Not only has the pandemic created a challenge in terms of business continuity, it also poses a risk to security. In fact, according to reports, there has been an increase in the amount of cybersecurity attacks and phishing scams in recent weeks. As well as being more alert to such threats, employees also need to be aware of and address other potential points of weakness in their homes.

“Whether it is Alexa, Siri, Cortana or Google Assistant, people need to be aware of the potential risks associated with their personal devices”

The majority of households, if not all of them, now have some form of digital assistant present. From Siri on your phone to Alexa on your smart speaker, these devices also need to be taken into consideration when assessing how secure the work environment at home is. After all, there have been concerns raised about these technologies in the past, especially in relation to the ability to listen and record information.

Whether it is Alexa, Siri, Cortana or Google Assistant, people need to be aware of the potential risks associated with their personal devices and ensure they are taking additional measures at the current time to safeguard the security and privacy of their current work environment. Here are five tips to help…

Be more aware

It may sound obvious, but the reality is that many of these digital assistants can be alerted by the smallest gesture, such as the lifting of your wrist or the utterance of a particular word, and this could happen during a confidential conversation with a customer. As well as finding out what the triggers are, find out what information your device gathers and how it is being used by either reading the privacy agreement or a related FAQ – this will help you determine the most suitable next steps.

Check your settings

Check all of your device settings and disable anything you are not happy with. This will help to limit what your digital assistant can access. If there is an option about helping to improve services and features, deselect this. This option permits the storage of more information about you in order to deliver a more personalised experience thus increasing the chance of it listening when you don’t want it to. Furthermore, when you get a notification saying that the privacy agreement has been updated, double check that your settings are as you left them.

Do not share

Within your settings, also make sure that your other apps, especially work-related ones, are not sharing information with your digital assistant. If they are, deselect them. This is important, especially for those assistants that may have access to your search history or email apps. Similarly, disable sharing across devices as, even when you are not using them, these apps are always running in the background. So, when you are checking that work email on one device, another device could be checking it too.

Turn off the microphone

Perhaps you might want to consider temporarily turning off the microphone for your device, or disabling the device completely, when you are working. Due to the fact that many of these digital assistants rely on activation words, there is a high risk of accidentally prompting it to listen to a confidential conversation by using one of these terms or even a similar sounding one. While this sounds extreme, it is probably the best way to maintain the security and privacy of your work activities among such devices.

Review your history

Smartphones and smart speakers are data hungry – this is how they make your life simpler and user experience better, but it also means that in the wrong hands, these technologies could give away more information than you want. For example, if your assistant has access to your internet search history, this could mean that you are potentially putting work (and also personal) information at risk, especially if the device were to be hacked. For many of these devices, you can review and/or delete data from interactions with your digital assistant. Perhaps this is one to add to the daily to do list!

While working from home is necessary during the current time, it is also necessary to ensure that every element of the work environment at home has been considered and adapted to protect business operations. Any point of weakness is more at risk now than usual and that includes devices that are used in a personal capacity. Yes, digital assistants are useful and have great value for people, but it is crucial to view them in light of cybersecurity concerns and just what information they could be gathering at this time.

Dark haired man in suit and tie standing in a server room.

Ross O’Donovan, is Information Security Practice Lead at Logicalis Ireland. He is a highly experienced Information Security Specialist with a demonstrated history of working in the UK and Ireland.