Can a confidentiality agreement or attorney-client privilege be compromised by your smart refrigerator or smart speaker? It's a question that's becoming all the more pertinent these days.

Lawyers say internet of things (IoT) devices can pose a security and privacy threat as more legal professionals work and discuss sensitive client matters from home and hackers adjust their attacks. 

To be sure, many are unclear exactly how likely it is for a hacker to eavesdrop on client phone conversations through an IoT device. But Dickinson Wright member Sara H. Jodka said lawyers owe it to their clients to protect their privacy.

"Because I don't know and I can't guarantee that privacy to my clients, I will not have that technology on when I am having sensitive client phone conversations," she said.

To be sure, IoT devices have been known to listen in. Last summer, it was revealed various Facebook, Apple and Google products leverage contractors to manually review recordings directed to their software. The IoT devices are also not impenetrable. Earlier this year, Amazon.com Inc. was hit with a class action suit over hacks of its internet-connected home surveillance product Ring.

Mindi Giftos, a Husch Blackwell information technology lawyer and the firm's office managing partner in Madison, Wisconsin, noted, "There's a big difference if someone listening is doing testing or marketing data versus someone with ill intentions and plans to intercept and use it in a harmful way."

Uncertainty aside, Giftos said her firm has internally and externally shared articles highlighting the potential cybersecurity and privacy pitfalls of IoT devices. She also noted she turns off her personal IoT electronics and Siri when making client calls.

"I don't know if that's overkill or not," she said. "I think it's being mindful of what might be listening and taking steps to turn them off or take yourself away from them when you're discussing sensitive client information."

Unplugging IoT devices when making client calls isn't irrational, but practical for mitigating risk, agreed Stroock & Stroock & Lavan chief information officer Neeraj Rajpal. 

"We sent an email out literally a few days ago that when you're working from home, you should turn off the Alexa devices or Google Home or put them in another room. Or better yet, just turn them off," he said. 

To be sure, threats posed by IoT devices aren't new. But as more lawyers and staffers work from home in a new environment, bad actors may target those devices, Rajpal said.

What's more, leaving the controlled environment of a law firm and its IT team means some IoT devices scattered around a home could be unpatched and vulnerable to hacking, added Connell Foley cybersecurity and data privacy chair Karen Painter Randall.

Still, should lawyers and staffers unplug that voice-enabled refrigerator before joining the client call? Not quite, Rajpal said.

"There's a fine line between practical and security," he said. "'You [just] need to be a little more careful."