One of the hardest changes to enforce following a data breach is new cybersecurity and privacy hygiene, along with making the connection between the physical security and cyber protection layers. How many times have you seen the laptop screen next to you, picked up printed documents from a network printer that were not meant for you, or seen someone reading confidential company material on an unsecured screen?
StopVisualHacking.org, created by 3M, provides many useful tips on implementing protection against visual hacking:
- Begin educating your organization (especially at-risk employees, such as senior management)
- Implement policies and procedures (identify at-risk persons, require use of screen filters, implement “clean desk” policy, institute policy for IT applications and require them to mask high-risk data)
- Enable compliance by providing solutions (screen privacy filters, set proper timeouts on screensavers, etc.)
Facts about visual hacking from a study by the Ponemon Institute:
- 72% of workers in the United States have some level of mobility
- 67% of employees expose sensitive data outside of the workplace
- 23.9% work with Social Security Numbers in public places
- 70% of companies have no explicit policy on working in public places
All of us like to discuss high-tech crimes, hackers, and corporate espionage, but rarely do we mention, or even realize, that many of these incidents do not require high-tech effort, just a low-tech weakness and the right target.
A visual privacy and data protection approach that couples physical controls with ongoing employee education can set the foundation, and set privacy expectations at the desired level, while ensuring that an enhanced information privacy and security culture is propagated throughout the enterprise.
Visual Hacking – A low-tech method used to capture sensitive, confidential, and private information for unauthorized use.
Visual Privacy – A state in which sensitive, confidential, and private information is protected from visual hacking.