EZ MSP Blog
How to Prevent a Virtual Assistant from Compromising Your Security
Virtual assistants have a lot of promise as a productivity tool, so it only makes sense that they would begin to appear in the workplace. Unfortunately, these devices have also gained a reputation as a security risk. Whether or not you’ve considered bringing virtual assistants into your business, you need to prepare for their presence there.
From Apple’s Siri, to the Google Assistant, to Microsoft’s Cortana, to Amazon’s Alexa, these voice-activated solutions have appeared in our computers, our mobile devices, and in stand-alone devices.
As they have become more commonplace, they have grown in capabilities. Many of these capabilities are admittedly well-suited for the workplace - but the always-on microphones that these devices rely on to function make many pauses. After all, there’s the potential for sensitive data to be sent along to a third party if it is merely spoken aloud in this device’s presence.
This has created a quandary for those wishing to leverage these devices - do the benefits outweigh the potential risks of such an implementation?
Here, we’ve assembled a few considerations that should help make these risks less of a factor.
Just Another Internet of Things Device
The risks inherent in Internet of Things devices have been clearly documented. One notable example was the Mirai botnet, which enslaved IoT devices to power its attacks. Furthermore, it seems to be easy to forget that these virtual assistants are simply another Internet-connected device.
However, if you keep that in mind, you may find it much simpler to outline policies for these devices that can help to reduce your potential security risk. For instance, if there is a location in your office where sensitive information is spoken aloud, a virtual assistant shouldn’t be placed there. Furthermore, you don’t want to put your business’ network at risk, so it would make more sense to establish a secondary wireless network for these devices to use. That way, even if these devices are infiltrated, the rest of your network isn’t made vulnerable as a result.
Whose Devices are They?
Data privacy and ownership is a big deal in business, which could potentially complicate our issue further. Let’s say an employee were to bring in their own virtual assistant. While this may reduce the business’ capital investment into the use of a virtual assistant, there are a lot of concerns regarding security and privacy. How can you enforce data privacy if the data is being accessed by a device that you can’t control?
Policies Are Your Greatest Asset
In order to keep your business safe, while still embracing the benefits that virtual assistants can bring to the workplace, you need to set firm controls on how they can be used. There should be the assumption that one of these devices can always be listening, leading to a policy of keeping these assistants out of areas where sensitive information is regularly discussed.
This awareness should also spread over to your other devices. There are already plenty of microphones and potential vulnerabilities in the office. Phones can have their firmware hacked, and laptops can have monitoring software installed without your knowledge.
EZ MSP can help you be sure that your business remains secure against a variety of threats while still enjoying the use of different technologies. Call us at (914) 595-2250 to learn more.