Global research has shown that visual hacking is a significant risk in the workplace today.
Visual hacking is when someone steals confidential information either by discreetly pointing a smartphone at a screen and taking pictures, or by memorising what they see.
In the 2016 Global Visual Hacking Experiment by Ponemon, a ‘white hat’ visual hacker visited 46 different companies pretending to be a temporary office worker but really scouting to steal information from desks and screens. The results were, as one report put it, eye-opening. Almost 91% of the visual hack attempts were successful.
The good news is that there are clear and simple ways to protect an organisation from all visual hackers.
Security has to start with a culture of security throughout an organisation as well as security awareness training for all employees.
Here are 5 ways to make visual privacy a part of an organisation’s security strategy – and reduce the incidence of visual hacking.
- Implement a Clean Desk Policy. The policy directs employees to keep the workplace tidy, and to be aware of confidential data that may be visible. If away from the desk even for a short time, lock important documents inside a desk or filing cabinet and lock computers so there's no information visible on the screen. At the end of the day, all confidential information has to be locked away or securely destroyed.
- Move office furniture. Position desks so that employees have control over who sees work area information (this is most challenging in open plan offices). Sitting in a corner or with your back to a wall is the most strategic position. Position computer screens so no one else can read them. Have a hot key that engages a screen saver when potentially prying eyes are observed. Train mobile workers to protect information when they are working remotely too.
- Use a computer privacy screen. In the Ponemon experiment, 52% of sensitive information was visually hacked from computer screens. Provide privacy screens that can be slipped onto desktop monitors, laptops, tablets, and smartphones. The screens ensure that only a direct viewer at close range can see the on-screen information.
- Set up a tips line. In 68% of trials, the white hat hacker was not stopped by employees. This shows how important it is to have a culture of security, and to train employees about information security. Be sure all employees are educated about the behaviours of insider fraudsters, and set up a tips line so employees can report suspicious visual hacking behaviour. For example, a disgruntled employee may take a quick snapshot of confidential data on a desktop computer in the office.
- Have a document shredding process. A document shredding policy will reduce the number of sensitive documents around the office. Partner with a reliable service provider, and implement a Shred-it all Policy too so that employees securely destroy all documents that are no longer needed. Routine shredding helps keep the company compliant with data protection laws and shows employees how committed the organisation is to information security.