As we have reported before, smart home devices with speakers—Siri, Alexa, Amazon Echo, Google Home, even Ring doorbells and baby monitors—are always on, always listening and, often, recording voices in the home (and home office) without the user’s knowledge.
We are not the only ones pointing this vulnerability out to home-office denizens! Law firm employees and workers with federal security clearance have been warned about the threat to security and privacy posed by these devices. They have been directed to disconnect them during their at-home workday to protect the sensitive information and data they work with. So, how about the people who work for you, your employees, contractors, consultants, freelancers…are they protecting your business’s data like you hope they would?
Loose Lips Sink Ships
Bloomberg Cybersecurity reports that there are over 76 million smart speaker devices in the US alone, with an inadvertent activation rate of these devices averaging between 1.5 and 19 times per day. Meaning the likelihood of a careless consultant or employee working from home broadcasting your business’s sensitive data is relatively significant.
If the people who work for your business choose to bug their own homes, that’s a choice they have made for themselves and their family—not their employers (you!) and clients (you!) and colleagues. You have a reasonable expectation that you are not being recorded by your employees’ smart home devices during virtual meetings and phone calls. Especially if your business works with sensitive or proprietary information, your employees and consultants likely have a legal responsibility to protect the information with which they are entrusted. But are they?
Let’s just put it out there—keeping clients’ proprietary and sensitive data safe is just a basic, fundamental part of being professional, and you, as a business owner, absolutely have the right to expect professionalism from those you employ or hire in other capacities (consultant, contractor, freelancer, etc.).
What to Do?
When meeting with consultants, contractors, clients, freelancers, or colleagues virtually, it is absolutely appropriate to enquire at the beginning of the meeting if their smart devices with speakers are disabled. If your contractor/consultant doesn’t seem to take your concerns seriously, you should take their tenure with your company under review. If they can’t unplug a device during a meeting in order to safeguard your firm’s sensitive information, in what other ways are they not taking the protection of your proprietary information (which is likely under an NDA or CDA!) seriously?
Find a professional who does take client security seriously. Here at Duke City Consulting, we take the confidentiality of our clients’ information seriously, and we implement multiple levels of security to safeguard it. We also offer inexpensive webinars, including on-demand options, to train consultants and other off-site workers in the fundamentals cybersecurity best practices that will keep their clients’ (and their own) data secure.
The next time you need a consultant to work with your team on the pursuit of R&D funding, talk to the team that will protect and monetize your intellectual property. Contact Us!