Here’s a question: where are you reading this? Are you in a place where someone could potentially be looking over your shoulder or able to see your screen at a sideways glance? What if – instead of this page on Infosecurity – you were reading a draft contract, or information about a product yet to be launched, or other confidential information?
As a security professional, you are probably very aware of visual privacy and careful about it, but can the same be said of everyone in your organization? The fact is that visual security is often forgotten in the wider security and privacy context, yet as research and anecdotal evidence show, it is a very real risk. As we all start to work more in open plan areas, or carry out work on trains, planes or in coffee shops, the opportunities for ‘visual hacking’ increase.
In a recent survey in which 3M was involved, people were asked what they have deliberately or inadvertently seen on other people’s smartphones, laptops or other screens. Here are some examples: banking details and passwords; details of employees’ salaries including contractor day rates; accounts for a very large merger/acquisition project; and HR issues about colleagues.
Moreover, compared to other forms of computer security – which involve some expertise – visual hacking is alarmingly easy to achieve. Anyone armed with a smartphone with a built-in camera can potentially pick up sensitive information. A recent study sponsored by 3M and carried out by the Ponemon Institute in the USA brought the scale of the visual hacking – or shoulder-surfing – risk into the spotlight, with 88% of attempts by a white hat hacker to breach visual privacy proving successful.
“It is important for data security professionals not to ignore visual hacking. A hacker often only needs one piece of valuable information to unlock a large-scale data breach.” – Larry Ponemon, chairman and founder of the Ponemon Institute
The good news is that while visual hacking is easy to perpetrate, it is also relatively simple to prevent. Some organizations are already mandating visual privacy policies as part of their overall security and privacy commitments. Here are three steps that any organization can take to improve its visual privacy.
Embed visual privacy in the overall company culture – Give it the same importance as the whole security information and event management (SIEM) suite of security priorities. Make sure that staff are aware of the risks and their role in preventing visual hacks, whether working in the office or externally.
Back to basics – Mandate use of screensavers and power-save mode when there is no interaction with a screen for more than a couple of minutes; angle screens so that visitors cannot easily view them; encourage clean-desk policies and avoidance of unnecessary printing of documents.
Install privacy filters – These can be easily slipped on to desktop monitors, laptops, tablets and smartphones, so that only the direct viewer at close range can see the on-screen information (to anyone else, the screen will look blank). The filters can be easily removed when necessary and have the added benefits of preventing scuffs and glare.
Of course, visual privacy is just one element of a much wider security landscape, but given that in many cases it is such a gaping and unaddressed area of risk, yet one that is so easy to prevent, surely it makes sense to take a closer look?