No doubt about it, the use of digital personal assistants in homes around the country has skyrocketed. Typically, consumer use directs office use on trends like these, but will your employees, either at home or at work, accidentally compromise workplace security while using one of these? What can you do to get ahead of the potential issues?
Start with user privacy
As these devices come into popularity, consider making sure the users on your team are educated on the ins and outs of safe use. That means making sure they know where to find the user privacy controls and where the data goes. Keep an eye out on advances by the developers, too, as we wait for greater user control and greater flexibility in the device.
Good ole policy
It seems trite, but it’s a good early place to start. Develop a system-wide policy on what is and isn’t appropriate. Assume that virtual assistants are always listening, even if they are button controlled because the microphone can be controlled remotely in case of a breach. Some people may not even be thinking about these devices as a microphone recording on their desk, but as we learned from the Yahoo breach, tapping into these devices could allow hackers easy entrance into the rest of your accounts. Think about what the vulnerabilities are and triage them with a common-sense approach balanced between effort and realism.
These are an IoT device; handle with care.
Never lose sight of the fact these digital assistants are like any other IoT device transmitting data to a third party. As such, you should make sure you can segment them from the rest of your system. A relatively simple way to do that is by having users sign into a guest Wi-Fi that doesn’t connect to internal servers.
BYO or purchase them?
This is the same question that faced companies in the early days of cell phones. Do you provide the device (thus offering greater control at the cost of purchasing and maintenance) or do you let employees choose their own? At the exponential rate of development of these devices, they are set to become as critical as text messaging and news feeds in the next few years, making them a hard-to-live-without tool. Start thinking of your security team’s direction now and get the C team on board for decisions involving data ownership, cloud issues surrounding data and privacy/theft.
It’s the simple things: limit the accounts it has access to (none of those in purchasing, for example), and monitor its Internet activity. Turn it off when it’s not in use. Treat it like the built in webcam, and put a sticker over that thing.
Looking to boost the security of your digital assistants?
If you’re thinking ahead about the security of your digital assistants, you need help finding a pro. Consultant Specialists, Inc. is ready to link you to the specialist to take you into the next round of IoT. Contact us.