SECURITY
by 3M, the science-based technology company, the study was carried out by the world-renowned security advisory firm the Ponemon Institute and involved a ‘white hat hacker’ (in other words, a penetration-testing specialist) entering the offices of eight US companies in the guise of a temporary or part-time employee.
The hacker walked around these offices and attempted to visually hack sensitive information in three ways: looking for information in full view on people’s desks and screens; picking up business documents labelled ‘confidential’; and taking photos of on-screen information using the camera built into his smartphone.
He was only stopped or questioned in less than a third of attempts to visually hack information and on average, he obtained five pieces of sensitive or confidential information each time. This content included contact lists, customer information, financial data, employee information, employee access and log-in information.
Interestingly, vulnerability varied according to department, with legal and finance being the hardest to ‘hack’ (presumably because they are handling sensitive information every day and are therefore more aware of the need for privacy). The easiest departments to hack were customer service, communications and sales.
ANECDOTAL EVIDENCE
The same research study model is being carried out in the UK during 2016 and it will be interesting to see how the results compare with the US. Regardless, it is – in my view – quite easy to imagine how simple it is to hack information. How many times have we seen people put their computer password codes on a Post-It Note above their desk? How often have we caught a glimpse of someone’s screen while on a train or in a café? If you’re working in an open-plan office, can you potentially see what is on colleagues’ computer screens right now?
Another survey in which 3M was involved in 2015 involved asking workers in the UK for examples of content they have deliberately or accidentally witnessed on someone else’s screen. More than one hundred respondents cited examples including banking details and passwords, the accounts for a merger or acquisition, salary information, and other HR issues.
Clearly, the risks around visual privacy are potentially greater given the prevalence of mobile working, but as the Ponemon Institute study shows, offices – particularly those with an open-plan design – are also vulnerable.
So having demonstrated the potential problem, what can be done to mitigate risk around visual privacy?
OUT OF SIGHT
Fortunately, compared to some other aspects of security, visual privacy is fairly simple, fast and comparatively economic to address. Here are some ‘best practice’ steps to consider:
• Education and awareness – just making sure that staff are more aware about the visual hacking risk can go a long way to improving security. Make sure that they understand it is their responsibility to ensure that their desktop screens, laptop, tablet or smartphone screens are not easily viewable by someone else, particularly when working in a mobile location. Simple techniques such as always sitting in a seat against a wall when working in a hotel or café help to make screens harder to view.
• Old-school – screensavers and power-save mode seem to have gone out of fashion with many users, but they are an easy way to make sure that screens are automatically hidden from view after a few seconds. Also instigate automatic re-log-in processes if a device is not used for a few minutes.
• Privacy filters – these mean that screens can only be viewed at close range and at a direct angle. Someone trying to get a sideways glance will just see a dark, blank screen. These filters can be easily slipped onto – and removed from – laptop, desktop monitor and tablet screens. As well as being increasingly used in the private sector, these filters are also prevalent in many public sector departments.
Visual privacy is, of course, just one aspect of security to consider, but considering that it is also one of the easiest to address, it makes sense to include prevention of visual hacking within any organisation’s security strategy.
www.3mdirect.co.uk TOMORROW’S FM | 43