Why it’s time to voice security concerns about smart assistants in the enterprise
Alexa and her cohorts are poised for widespread business uptake, but can we really trust them to keep company data private and secure?
With so many of us spending long periods of time at home during the COVID-19 pandemic, the likes of Alexa, Siri and Google’s voice assistant kept us company, making life easier and more entertaining in multiple ways. The statistics speak for themselves (no pun intended) – there are now over 200 million Alexa-powered devices sold. Combining the mobile and home market, experts predict 8 billion digital voice assistants will be in use by 2023.
Consequently, workers’ expectations are increasing to access the convenience and speed of voice-assisted support in order to do their jobs. However, the AI assistants offered by web giants like Amazon and Google are not the most discreet and businesses need to think seriously about whether they can be trusted in a world where data protection and privacy breaches can bring an organisation to its knees quicker than you can say “OK Google”. Before committing themselves, businesses must thoroughly examine the Trojan-horse-like risks this technology can bring into the enterprise space.
Voice assistants to become part of “the new normal” at work
By 2021, Gartner predicts that 25% of digital workers will use a virtual employee assistant on a daily basis. From an employee’s perspective, sharing details of a work calendar with voice-assisted devices in the home, or setting an alert for emails coming from an individual to be read aloud makes perfect sense. Plus, we’re now living in an age where contactless interaction is encouraged – an important advantage of voice command.
Recognising their growing potential in the working environment, the race is on to claim a stake in this emerging market. This summer, Microsoft announced its virtual assistant Cortana will be added to its Teams mobile app and available for in-room use, helping with tasks like sharing files, sending chat requests, or managing emails on voice command. Amazon recently held its biggest ever developer launch, Alexa Live, with 30 different announcements made about new voice capabilities and a focus on customer dialogue management for businesses.
Convenient, but not secure
The most popular assistants are provided by web giants with their own commercial agendas. The same challenges remain that companies are faced with when using “pro-sumer” applications like document sharing, cloud-based emails, and other collaboration tools from these external providers. User privacy is far from guaranteed, with their open nature benefiting their providers. Listening to conversations gives these companies a huge quantity of incredibly valuable insights – a goldmine for marketing databases and targeted advertisement.
To hackers, forms of AI like voice and video assistants can be a gateway into people’s lives and physical environments, or act as bugging devices, eavesdropping on conversations, in the ultimate invasion of privacy. As their ubiquity increases within businesses, AI assistants are an increasing target for spyware, similar to the attacks we’ve seen on online voice and video calls, where supposedly private group chats were found by conducting a simple Google search, meaning anyone could join in. Voice control brings added potential for exploitation with the possibility of smuggling in malware and spyware by unwittingly adding new “skills” to Alexa through “trigger” words.
The future? Private enterprise virtual assistants
When it comes to voice-assisted applications, the only way companies can ensure privacy and prevent hacks is to run their own separate AI-based voice assistants with enterprise-grade administrative controls. This next-level virtual assistant will make full use of voice recognition and biometrics to ensure that only those within an organization that have been authorized can access information. End-to-end encryption will enhance data privacy for voice-assisted use of secure video conferencing, calls, messages document sharing and other productivity and collaboration purposes. Equally, the setup behind bespoke enterprise assistants will be customisable, with audit trails, data logs, and privacy settings making staying in compliance with data protection easier, no matter how stringent an industry’s stipulations are. More importantly, web giants will be out of the picture so they will not be able to harness the data from these private AI assistants for their own retargeting purposes.
While these private virtual assistants may not arrive in the workplace as soon as their less secure counterparts, they will be capable of handling all the day-to-day voice commands thrown their way, without the worry of exposing the company to any security risks or privacy breaches. This peace of mind will be worth the wait, keeping data safe within the virtual walls of the organisation, no matter how much confidential information employees choose to share with the virtual assistant.