Why Security Professionals Need to Start Prioritizing Visual Privacy

A lot of money gets spent on protecting companies against the bad guys. According to a Gartner press release in May this year, worldwide security software revenue was over $21bn in 2014, yet there is one comparatively ‘low tech’ area of security that is often overlooked: visual privacy and mitigating the risk of ‘visual hacking’.

Most of us are aware that our screens are potentially viewable by co-workers, business associates or even complete strangers, particularly as many of us increasingly work in remote, mobile locations. Visit many a town or city coffee shop during 9-5, Monday to Friday, and chances are that people working on their laptops or tablets make up a growing percentage of customers.

Despite the clear risks involved, how seriously individuals and their employers treat visual privacy varies hugely. Some government departments have proactively mandated visual privacy as part of their security strategies, while others include it as part of their ISO 27001 compliance, or the government SPF, or as part of FCA/FSA security guidelines in the financial services sector.

However, in many other organizations, visual privacy is not even on the radar, which is alarming considering the fact that, while the scale of the risk is hard to measure, it is very real.

A recent study by the Ponemon Institute not only found that almost 90% of visual hacking attempts were successful, it also discovered that the easiest departments to hack were customer service, communications and sales. While these departments perhaps do not handle as sensitive information as the legal or finance departments, members of staff are quite likely to be working on, for instance, customer contracts or launch information around a new product. If this content fell into the wrong hands, imagine the damage that could be done.

The Internal Threat

Nor is the visual hacking risk limited to external environments: there is the ‘insider threat’ to consider too. Imagine a disgruntled employee witnessing some confidential data on a desktop computer in the office, taking a quick snapshot and then passing on – or even selling – that information to a third party. Visual hacking is extremely easy to conduct and is not restricted to technology experts. Anyone can carry out a ‘visual hack’. In the same way that organizations implement least-privilege management solutions to restrict access to internal information, the same thinking should be applied to visual privacy.

Visual Privacy is Simple to Address

The irony is that, while visual hacking is easy to achieve, it is also easy to prevent once the right measures have been taken. On a very basic level, just making sure that staff are more aware of the need to protect their screens from prying eyes will make a difference (in exactly the same way that most of us know not to let anyone else in the ATM queue see us keying in our four-digit PIN numbers).

However, asking people to shield their screens more rigorously is prone to human error, so a far safer solution is to give them privacy filters, which can be easily slipped on to desktop monitors, laptops, tablets and even smartphones. Using advanced film technology, these filters ensure that only the direct viewer at close range can see the on-screen information (to anyone else, the screen will look blank). The filters can be easily removed when necessary.

Given the amount of investment many organizations put into preventing security vulnerabilities and the fact that visual privacy is pretty simple to address, surely it pays to address this potentially gaping hole in many security strategies?

For more information on visual hacking or to request a 3M Privacy Filter sample, please visit our website.
