This holiday season, millions of people will be given a gift they are already worried about: Smart speakers, a gifting juggernaut and cybersecurity challenge. 

The devices are wildly popular presents. Around 8% of Americans got a smart speaker as a gift last year over the holidays, according to a survey by NPR and Edison Research, and the number of the devices in U.S. homes increased by 78% year-over-year, to 118.5 million in December 2018.

The main reason people have not added one to their homes? Security concerns. Nearly two thirds (63%) of people who do not have an Amazon Alexa or Google Home say they “worry hackers could use smart speakers to get access to your home or personal information.” 

“Smart speakers present different kinds of security vulnerabilities from computers, mobile devices, and even other IoT devices.” – Avast Security Evangelist Jasdev Dhaliwal

“Smart speakers present different kinds of security vulnerabilities from computers, mobile devices, and even other IoT devices,” says Avast Security Evangelist Jasdev Dhaliwal. “Our engagement with them is instinctive and often less mindful. They connect with other devices and networks in ways we might overlook. And we give them to family members so they can connect more easily to the online world without factoring in security issues they may not consider.”  

What does that mean for you? Whether you’re giving, receiving, or avoiding smart speakers as a gift, you may want to keep a few best practices in mind. Here are five tips on managing smart speaker security this holiday season. 

1. Have a talk about the fact that a machine is listening. A new user may need to be introduced to what it means to have a smart device that can listen to their lives. Some people want a machine to tune in and give them reminders. Many others were alarmed that human transcribers at Amazon, Apple, and Google were listening to some anonymized discussions people had with their smart speakers. There are steps you can take to protect your privacy from smart speakers. And users should know that they can mute the devices’ microphones and erase already recorded conversations. 
2. Prepare the home with a cleanse. This is a great time of year – before smart speakers or other devices are added to the network – to change the name of your wi-fi-network, and change that password. To do this, go to your Wi-Fi provider’s website and search how to do it. Remember to use a long password you have not used before that includes a combination of upper and lowercase letters, numbers and special characters. Name your Wi-Fi network something that would not be easily identifiable to others. (For instance, don’t use your name or address.) Changing this will knock all your devices off the Wi-Fi – phones and computers as well as Internet of Things devices. That’s a hassle. It’s also a way of making sure no one is on the network who shouldn’t be. Never rely on the default password that came with your router. Some routers come with default passwords, such as "admin" or "password." Ensure your router and Wi-Fi network follow recommended password guidelines (above). 
3. Be careful how you connect. Amazon, Google, and Apple love to connect their smart speakers to online accounts – especially their own. That helps Alexa to buy things on Amazon, or Google Home to use its search engine. So a great cybersecurity hygiene practice is to change your Amazon, Google, or Apple passwords before you hook up your smart speaker. Once your speaker is set up, enable voice recognition if possible. This will allow you to connect to your accounts, but prevent others from accessing them. If you don’t do this, someone else could ask your smart speaker to access the accounts you have connected. (Nightmare scenario: “Google, read me Mike’s emails.”) This is also a good reason to change your “wake word” for Alexa or Google to something else. 
4. Don’t put your smart speaker near a window. University of Michigan researchers demonstrated this month a highly publicized hack of smart speakers via laser. It’s unlikely that could happen to you, but better safe than sorry. You also don’t want wanna-be hackers shining lasers in your windows. A more relevant risk would be prowlers who could yell at a smart speaker they see, “Alexa, unlock the front door!” Or simply smash the window and grab the speaker.  
5. Circle back. If you give someone a smart speaker, you are opening up a new world of daily conversations and new vulnerabilities. It’s not a set-it-and-forget-it. Some users might become quite reliant on their devices in some ways, and unaware of any risks. They also might not know their devices can help them in many other ways. You may need to have a whole new conversation about cybersecurity with a new user before they discover, say, voice-controlled shopping. 

Got all that? The set-up might seem complicated compared to simply asking Alexa, Google, or Siri to do something. That’s the point. Smart speakers are wonderfully convenient. Bolstering IoT security just takes a little more work. It’s worth it.