6 Security Tips Before You Put a Digital Assistant to Work6 Security Tips Before You Put a Digital Assistant to Work
If you absolutely have to have Amazon Alexa or Google Assistant in your home, heed the following advice.
February 4, 2019
Experienced security pros like Amy DeMartine simply won't allow a digital assistant into her home.
DeMartine, a principal analyst who serves security and risk professionals for Forrester, says last year's reports of so-called "voice squatting" (aka "skill squatting") – where attackers create malicious Amazon Alexa "skills" that appear to be legitimate applications – has her thinking twice about any of these digital assistants.
"People have to decide what their risk threshold is and configure Alexa or any other digital assistant accordingly," DeMartine says.
According to Candid Wueest, senior principal threat researcher at Symantec, consumers should start by asking the following questions: Do I really need the device, and, if so, what do I need it for? Do I want the device to have a camera to check in on my dog, or am I OK with no camera? And since I already have several devices in my home, do I want to stick with one brand because it's easier to integrate?
Another $64 million question, and this is the big one: Do I trust the vendor?
"This is not an easy one to answer, but, ultimately, you have to trust that the vendor will safeguard your data," Wueest says.
So if you absolutely have to have Alexa or Google Assistant in your home, heed the following advice from DeMartine, Wueest and Jessica Ortega, a website security research analyst at SiteLock. And if you're a security pro, be sure to educate your customers, too.
About the Author(s)
You May Also Like
Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication MethodsOct 26, 2023
Modern Supply Chain Security: Integrated, Interconnected, and Context-DrivenNov 06, 2023
How to Combat the Latest Cloud Security ThreatsNov 06, 2023
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023