Free Newsletter
Register for our Free Newsletters
Access Control
Deutsche Zone (German Zone)
Education, Training and Professional Services
Government Programmes
Guarding, Equipment and Enforcement
Industrial Computing Security
IT Security
Physical Security
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor

Data Breach Survey Identifies Snooping As A Growing Risk

3M Privacy Filters : 08 December, 2010  (Technical Article)
Workers regularly put themselves at risk from "visual data breaches" also known as shoulder-surfing where information displayed on their screens is easily readable by adjacent people, increasing risks of data leakage through snooping
A new study conducted by People Security and commissioned by 3M, the maker of privacy filters for computers and mobile devices, reveals two-thirds of employees expose sensitive data outside the workplace - some even exposing highly regulated and confidential information such as customer credit card and social security numbers. The Visual Data Breach Risk Assessment Study also found the majority of companies do not have policies or measures in place to protect sensitive information from computer screen snooping when employees are working in public places.

"With the rise in mobile workers carrying confidential data with them outside the office, snooping is no longer a harmless hobby and may represent a weak link in corporate data security practices," says Dr. Hugh Thompson, Chief Security Strategist of People Security. "Today's latest smart phones now make it possible for a data thief to take a high-resolution picture of confidential information on a computer screen and retrieve readable data without any hacking necessary. Information revealed on mobile devices outside the workplace now creates a window into a corporation's most confidential data - whether it is regulated or simply company secrets - and significantly raises the threat level of visual data breaches."

The study included a survey of 800 working professionals and an experiment at a large IT conference where attendee computer usage habits and data security choices were observed.

According to the Privacy Rights Clearinghouse's Chronology of Data Breaches, more than a half billion sensitive records have been breached since 2005, leaving Americans vulnerable to identity theft. While this number does not include visual privacy breaches, 71 percent of working professionals surveyed admitted to glancing at another person's computer screen where they saw such things as corporate emails (26%), presentations (20%), documents (18%), spreadsheets (29%) or other corporate sensitive information (11%). While most surveyed said the reason for glancing at another person's screen was unintentional, 15 percent were interested in what was on the screen and 2 percent even admitted they were trying to obtain information.

"Companies know they need to protect confidential information, but the threat of a visual data breach has historically been low on the priority list," said John Stoxen, 3M Director of Business Conduct and Compliance. "This study should convince companies to reassess their data security policies and tools to determine how to better protect against visual data breaches when employees are working outside the office. At 3M, we address the risk of visual privacy in our Electronic Resources policy by requiring employees to take appropriate measures to protect 3M confidential information in public places by using privacy filters."

The study also examined how privacy concerns affect employee productivity while working outside the office. Fifty-seven percent of working professionals surveyed said they have stopped working on their laptops because of privacy concerns in a public place and 80 percent thought that "prying eyes" posed at least some risk to their organization.

Key Study Findings:

* Employees are exposing regulated customer information, as well as confidential corporate information outside the office. Two-thirds (67%) of working professionals surveyed had worked with some type of sensitive data outside the trusted confines of the office within the past year, including highly sensitive information such as customer credit card numbers (26%), customer social security numbers (24%), patient medical information (15%) and internal corporate financial information (42%).

* Convenience is more important than privacy for employees working outside the office. One in four (26%) conference internet kiosk users accessed corporate email on an unprotected network in a high-traffic public area, though many had the opportunity to use a more secure corporate laptop or smart phone. Furthermore, attendees who used the internet kiosks had the choice of using a computer either equipped or not equipped with a privacy filter so neighbors and passersby couldn't see the information they were accessing; the majority (65%) of kiosk users chose one without a privacy filter. These findings illustrate that some employees are careless with corporate data by choosing convenience over security.

* Significant gap exists between risk and corporate policy/tools to prevent visual data breaches. There is a basic expectation that companies will keep sensitive information secure at all times. However, 70 percent of working professionals surveyed said their company had no explicit policy on working in public places and 79 percent reported no company policy on the use of privacy filters to prevent visual data breaches.

* Protection against visual data breaches last to be addressed by corporations. Data security practices such as VPN access (46%), disk encryption software (38%) two-factor authentication (19%) were all more commonly used to protect against breaches compared to the use of privacy filters (13%).

* The threat of a visual data breach is growing. Fifty-five percent of working professionals surveyed worked on their laptop in a high-traffic public area at least 1 hour per week. IT analyst firm IDC estimates that more than 72 percent of the US workforce has some level of mobility3, and by 2013 this number will increase to more than 75 percent. Many of these workers will access corporate email/data in public areas through laptops and smart phones, putting that data at risk for exposure. According to a recent survey, more than 60 percent of US households now have at least one camera phone4. This means that most users have the ability to capture images, including screens shots, further increasing the risk of visual data breaches.

* Opportunity to increase productivity when privacy-concerned employees work outside the office with stronger privacy protection measures in place. Fifty-seven percent of working professionals surveyed said they have stopped working on their laptops because of privacy concerns in a public place and 70 percent said they would be more productive in public places if they thought no one else could see their screen. This concept that security-conscious employees would be more productive working outside the office when using privacy-enhancing tools such as privacy filters was further indicated through observation during the experiment.
Bookmark and Share
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
   © 2012
Netgains Logo