Top Concerns for Digital Assistants in the Workplace

by VPNHaus | 02/13/2018

Digital assistants like Amazon’s Alexa/Echo, Apple Homekit and Google Home are increasingly becoming part of the connected home. The Alexa for Business Platform, announced at the end of 2017, is set to bring this technology into the heart of the office.

Soon, we may be relying on digital assistants to help with all kinds of mundane work tasks from setting up conference calls to replenishing office supplies. No doubt this is all very convenient but will it be at the expense of security? With hacker activity and state-sponsored surveillance on the rise, will digital assistants become like the proverbial Trojan Horse allowing attackers to sneak past our defenses unnoticed?  

Fortunately, digital assistants are just like any other IP-connected device from the Internet of Things (IoT). The best way to secure them is to ensure they can only communicate data via end-to-end encryption technologies such as a virtual private network (VPN).

Jobs for the Digital Assistants

Ever since Amazon launched its Echo smart speaker in 2014, featuring Alexa, its sales have established it as the U.S. brand leader with 69% of the market. According to a recent study on the digital workplace from Dimension Data, a division of The NTT Group, 62% of organizations expect virtual assistants to have a place in their companies within the next two years.  

This may be encouraging for Amazon and its competitors, but the fact is these are still early days. Separate research from Unit 4, provider of enterprise systems for services organizations, reveals that while 38% of professionals say they’ve used a chatbot or digital assistant like Alexa for personal reasons, only 11% have done so while at work.

Early workplace applications for digital assistants are focused on making simple admin tasks more productive and efficient. For example, they can synchronize with schedules and to-do lists to provide verbal reminders of actions or events. Voice activation allows you to initiate or join conference calls while the device itself can double up either as a speaker or controller of more sophisticated conference call equipment. It could also be used to find an available meeting room, order stationery items, request IT support or help with on-the-job training.

Boon or bug

Ironically, the very strengths of digital assistants as smart communication devices are also their Achilles heel. To a hacker, a digital assistant is a handy listening device that could be used to eavesdrop on confidential company conversations.  

Businesses already under siege from phishing scams and hoax messages like fake CEO emails are understandably suspicious of digital assistants. There’s a risk, for example, that hackers might hijack them for clues making their scams more convincing.

Such lingering security concerns cause executives to wonder if digital assistants are simply a new way for outsiders to target sensitive data or penetrate a system’s security. In the current climate of increased business regulation and tougher fines for non-compliance, people are nervous of introducing any new device that could lead to a data breach.  

Protection against cyber attacks is a major hurdle that digital assistants must pass if they are to gain the trust of business owners and widespread acceptance in the workplace.

Spying for the state

Cybercriminals are not the only concern.

Without proper built-in security, the privacy of digital assistants may be susceptible to voice identification techniques practised by state surveillance programs such as NSA/PRISM in the U.S., Broad Oak in the UK/GCHQ or the EU/Interpol Speaker Identification Integrated Project (SIIP).  China too is thought to have a similar program capable of positively identifying many hundreds of thousands of Chinese citizens by the sound of their voice alone.

Privacy groups like the EFF and Freedom of the Press Foundation are lobbying for greater restraint of state powers. Yet, there is no indication that this will happen any time soon.

The only alternative is for Amazon and the other device manufacturers to collect and store voice data so that it remains anonymous.

Mitigating the risk

Development of machine learning and voice-activated digital assistants continues apace. Big changes to how business environments operate are on the way.

Researchers are working to help these devices surmount the security challenges. Scientists at MIT, for example, are looking into the development of digital assistants that no longer require a web connection to process AI-related tasks like voice recognition.

For now, the most effective technique for securing data exchanges remains end-to-end encryption – a protocol that is widely used by remote VPN services.

End-to-end encryption protects data in transit by scrambling it to make the content unintelligible. Only the sender and legitimate recipient of the message possess the unique keys to make the information legible. 

Digital assistants are just like any other kind of Industrial Internet of Things (IIoT) device. They will be asked to receive, collect and store all kinds of company confidential information. To be properly secured this data needs to be encrypted on the device, in transit and in storage.

A centrally managed VPN allows IT administrators to access, authenticate and maintain digital assistants remotely. It also allows them to monitor the device and alerts them to any attempts at unauthorized interference.

In summary, we will soon become accustomed to digital assistants making our daily lives easier in the office – helping us to keep appointments on time, scheduling calls and making sure we never run out of essential supplies without out ever having to lift a finger. But without appropriate security, it could also be the source of an embarrassing data breach. 

End-to-end encryption using a VPN allows the device to be authenticated, updated and managed remotely from a central point – helping companies to shield sensitive information from reaching the ears of cybercriminals and state-sponsored surveillance.