As organizations invest heavily in shoring up their security solutions to deal with new super threats, they are still falling foul of the most basic form of physical hack: shoulder surfing.
A recent study by the Ponemon Institute and 3M showed how this so called ‘visual hacking’ goes on every day in offices, airports, trains and anywhere else we access a device – resulting in the ‘stealing’ of sensitive data. The research experiment looked into 46 companies in eight countries – the United States, UK, Germany, France, India, Korea and Japan – to find out how prevalent this simplistic type of hacking is and identify the risks.
It found that visual hacking occurred in all the countries and that of 157 visual hacking attempts, 91 per cent were successful. Shockingly, 27 per cent of the data hacked is considered sensitive and takes less than 15 minutes to access.
Laissez-fair attitude to screens
It appears from Ponemon’s research that open-plan offices and mobile working make it easier to shoulder surf. And whether in the office or out and about, people are hesitant about telling others to keep their distance. In 68 per cent of the hacking attempts in the Ponemon experiment, office workers did not question or report the visual hacker, even after noticing suspicious behavior.
Mobile workers are also susceptible. Storage and information management firm Iron Mountain was one of the first to lift the lid on commuter snoopers. In a survey, it found that 72 per cent of commuters in the UK are shoulder surfing to see what the person sitting next to them is working on. And one in five admitted they had seen highly sensitive data by doing this.
Tips to stop the super snooper shoulder surfers
- Educate your workforce
Communication is the best form of action. Make sure your people understand their information security responsibilities both inside and outside the workplace. Provide clear policies and guidelines to enforce this.
- Turn off screens
Advise all workers to shut down and password protect computers and mobile devices when they are not in use, wherever they are.
- Privacy shields
For people working with sensitive data, consider buying privacy shields or new laptops with privacy screens built in. Information can only be viewed directly and at close range, so anyone trying to get a sideways peek will only see a dark screen.
- Reassess your data access policy
How much access is there to sensitive data both inside and outside the office? Is it all necessary or has access become lax? Provide access on a need-by-need basis.
The security landscape is becoming more complex as types of threats proliferate. Jist because it sounds so basic and low tech, don't ignore visual hacking. It's a threat that can be combatted with good practice.
Find out how Orange Business Services can secure your data here.