Global research has shown that visual hacking is a significant risk in the workplace today.
Visual hacking is when someone steals confidential information either by discreetly pointing a smart phone at a screen and taking pictures, or by memorizing what they see.
In the 2016 Global Visual Hacking Experiment by Ponemon, a ‘white hat’ visual hacker visited 46 different companies pretending to be a temporary office worker but really scouting to steal information from desks and screens. The results were eye-opening, as one report put it. Almost 91% of the visual hack attempts were successful.
The good news is that there are clear and simple ways to protect an organization from all visual hackers.
Security has to start with a culture of security throughout an organization as well as security awareness training for all employees.
Here are 5 ways to make visual privacy a part of an organization’s security strategy – and reduce the incidence of visual hacking:
- Implement a Clean Desk Policy. The policy directs employees to keep the workplace tidy, and to be aware of confidential data that may be visible. If away from the desk even for a short time, lock important documents inside a desk or file cabinet and clear computer screens. At the end of the day, all confidential information has to be locked away or securely destroyed.
- Move office furniture. Position desks so that employees have control over who sees work area information (this is most challenging in open concept offices). Sitting in a corner or with back to a wall is the most strategic position. Position computer screens so one else can read them. Have a hot key that engages a screen saver when potentially prying eyes are observed. Train mobile workers to protect information when they are remote working too.
- Use privacy filters. In the Ponemon experiment, 52% of sensitive information was visually hacked from computer screens. Provide privacy filters that can be slipped on to desktop monitors, laptops, tablets, and smart phones. The filters ensure that only a direct viewer at close range can see the on-screen information.
- Set up a tips line. In 68% of trials, the white hat hacker was not stopped by employees. This shows how important it is to have a culture of security, and to train employees about information security. Be sure all employees are educated about behaviors of insider fraudsters, and set up a tips line so employees can report suspicious visual hacking behavior. For example, a disgruntled employee may take a quick snapshot of confidential data on a desktop computer in the office.
- Have a document shredding process. A document shredding policy will reduce the number of sensitive documents around the office. Partner with a reliable service provider, and implement a Shred-it all Policy too so that employees securely destroy all documents that are no longer needed. Routine shredding helps keep the company compliant with privacy laws and shows employees how committed the organization is to information security.
Learn how a comprehensive document management process helps reduce the risk of visual hacking too.