Back
To protect sensitive information from cyberattacks, most employers have detailed security policies in place. We’re required to change our passwords on a regular basis; computer systems have firewalls that prevent access to servers; our IT departments install authentication software to make computers more secure. The list goes on.
But low-tech methods, such as visual hacking, are often overlooked, yet are among the easiest to adopt. Defined as the act of viewing or capturing sensitive, confidential and private information for unauthorized use, visual hacking is easy to do, thanks to the explosive use of mobile devices and open-office layouts.
We wanted to find out just how prevalent visual hacking is in the U.S. So in 2015, Ponemon Institute conducted an interesting experiment sponsored by our client 3M. In the experiment, a “hacker” assumed the role of temporary office worker and was assigned the task of visually hacking sensitive information. (Don’t worry; this was cleared by participating companies in advance!) 3M also sponsored an expanded experiment in 2016 to include offices in China, France, Germany, India, Japan, South Korea and the United Kingdom. (Access the full global study report here)
The results were alarming:
- An undercover hacker was able to visually hack information in 91% of the global trials.
- In nearly half of the trials, the undercover hacker was able to obtain information in 15 minutes or less.
- Globally, 52% of sensitive information was successfully hacked from employee computer screens.
- The visual hacker was stopped in only 32% of the attempts. That means 68% of the time, no one did anything to stop them. Not even colleagues who watched it happen.
More than ever, businesses and their employees need to take additional steps to protect data. Whether working in the office or remotely in public spaces, or while traveling, there are some simple tips Ponemon Institute recommends to protect sensitive information displayed on desktop monitors, laptops, tablets and smartphones:
- In open office environments, adopt a clean desk policy, angle computer screens away from hallways and office doors, and log off devices before leaving them unattended.
- All organizations should institute a visual privacy policy that outlines the specific actions, procedures and best practices to prevent the display of important data in plain sight.
- Ongoing employee (and contractor) training and awareness programs should be an integral part of an organization’s security and privacy strategy.
- While organizations are increasing budgets to combat cybersecurity, they should allocate resources to support a stronger visual privacy strategy as well.
- Limit employee access to sensitive information while working in open or public spaces to help reduce the risk of a potential data breach.
And my personal advice, albeit biased: Provide 3M privacy screens to all employees who handle sensitive information, travel or work in remote locations.
Visual hacking is real. Admit it. At one time or another, you’ve glanced at the screen of the person next to you on an airplane. Thing is, others have done the same to you.
Still not convinced? Check out these related articles on visual hacking:
http://www.healthcareitnews.com/news/visual-hacking-bigger-threat-security-professionals-might-think
http://www.federaltimes.com/articles/new-breed-of-it-professional