Resource Library

Always-listening Devices Pose Data Security Risk

Close up of person working at laptop and a personal digital assistant speaker is set on the corner of the desk

The COVID-19 pandemic has resulted in larger numbers of employees working from home. This has kept organizations functioning, but working from home creates an increased risk of data breaches.

Personal Digital Assistants

One of the risks is personal digital assistants such as Amazon Echo (a.k.a. Alexa) or Google Home. These have become commonplace in many homes. Individuals may also have smart appliances that have microphone capabilities and are connected to the Internet. Often these are collectively referred to as the “Internet of things.”

Recent news articles have highlighted some of the privacy concerns these products raise, especially if working from home and dealing with sensitive information or not-public data for government employees.

These products’ microphones are always on, waiting for the action words such as “Alexa,” “Siri” or “Hey Google.” Therefore, the concern is that they are recording information while waiting for the action word, and once it is activated, it records and stores all voices around them.1

Also the increase of these devices in homes has given hackers a new area of concentration. Hackers can attack the product via an individual’s wireless router.

Most software programs have security flaws that are discovered after the device is purchased. The manufacturer/software developer often issues patches to update those security flaws. It is important for device owners to understand how software will be updated, whether automatically or manually.2

Steps to Secure Data

Government officials and employees can take some steps to secure government data while working from home relative to personal digital assistants. Below are some potential solutions.

  • Take an inventory of smart electronic devices in the home and understand their recording capabilities and settings.
  • Review a digital assistant’s applications and privacy settings. Set the device to delete any current or past recordings.
  • Understand whether and how newly discovered security flaws can be patched.
  • Do not have personal digital assistants within the listening range of the work space.
  • While working, unplug the device or turn off the microphone.
  • Review the router security settings and take steps to add protection against hackers.3
  • Change any factory-issued default passwords.

1 “Security of Voice Assistants” by xiffe, NewGenApps blog, April 13, 2020 (
2 “Internet of Things (IoT) Security and Privacy Recommendations, Broadband Internet Technology Advisory Group,(
3 “12 Tips to Help Secure Your Smart Home and IoT Devices,”