Buyers of digital assistants on Black Friday urged to exercise caution
23 November 2018
Back in July, A survey of 1,000 UK consumers by Thales eSecurity revealed that if the price was right, 49 percent of shoppers who did not own digital assistants were willing to purchase a digital assistant on Amazon Prime Day, with a majority of them setting their sights on the Amazon Dot.
Of those who were not interested in purchasing an Amazon Dot or Siri, only 20 percent were not doing so due to security concerns. The survey revealed that 68 percent of consumers already used a digital assistant and among them, over 57 percent maintained the default settings on their devices and 40 percent did not know how to personalise security settings at all.
“On the whole, digital assistants are still used in a relatively low-risk way. 84% of digital assistants are connected to two or fewer devices, and only 9% of those surveyed said they are aware of use in their workplace,” said John Grimm, senior director of IoT security strategy, Thales eSecurity.
“However, as consumers begin to connect to more devices while still maintaining the default security settings, the risk and vulnerability will only increase. As such, it’s critical that consumers purchasing these devices really understand how they work and ensure that they are getting their desired level of security and privacy by personalising the security settings,” he added.
Understanding the security implications of using digital assistants
With millions of people in the UK gearing up to take advantage of attractive offers and deals on Black Friday and Cyber Monday, the firm has again warned prospective buyers of digital assistants to “really understand how these devices work” and to learn how to personalise device security settings before they start using such devices.
According to Thales eSecurity, if you are thinking about purchasing a digital assistant either today or on Cyber Monday, you should do a little research into how these devices work and learn more about the data such devices record and save.
Considering that digital assistants are as secure as any other IoT device being sold on a large scale, you must take precautions and take the pains to personalise your device security settings and employ other security measures to best protect your personal information.
At the same time, you should ensure that digital assistants should only be used in an environment where they can listen to every word that is said and should put in place failsafe mechanisms to prevent the assistant from taking any actions you’d find objectionable.
Mark James, Security Specialist at ESET, told TEISS earlier this year that the need to make IoT devices cheaper, more accessible and more user-friendly has forced IoT-device makers to pay less heed to security.
“It’s not always going to a tech guru installing; as this technology becomes more widely available, the average user needs to be able to order, receive, (pre)setup and forget as quickly as possible to make it desirable for the untechnical user to embrace.
“All of these features make the perfect recipe for disaster- one we have seen before, we will see again, and one which, worryingly, we will continue to see until security becomes a minimum standard for any internet connected device,” he said.
Practising good cyber hygiene on Black Friday
Todd Peterson, IAM specialist at One Identity, told TEISS that the pure eagerness for people to bag the best deals on Black Friday is a huge threat as people may neglect basic security hygiene in a rush to smash through their loved ones’ Christmas lists. As such, people must shop only on genuine websites and not trust unknown shopping websites with their credit card numbers or other personal details.
“Keen shoppers need to realise that ‘easy’ doesn’t necessarily equate to ‘safe’, so having non-essential websites store their passwords or credit card details or using the same password across all online stores is ill-advised.
“By taking extra measures, such as using a different password for every website, enabling multi-factor authentication or opting in to extra security provided by your bank, for example, it may be extra steps, but the security payoff will be worth it. After all, if it’s more difficult for you as the shopper, it will be more difficult for hackers. Treat personal online transactions the same as you do for work; if it wouldn’t fly with your boss at work, then reconsider,” he added.