Protecting data in the age of mobile working is the topic for Nick Hughes, Marketing Manager, 3M.
Mobile working is a hit with individuals and organisations, giving valuable extra flexibility and allowing workers in the field to make use of otherwise unproductive time, when using public transport for example. It is also opening up a new front in the battle over data security. While data loss due to theft of equipment, such as portable computers, is taken very seriously and can carry penalties including heavy fines or permanent bans from obtaining and holding customer details in the future, organisations need to do more to ensure visual security compliance.
Workers reading data on their laptops in train carriages, airport lounges or coffee bars risk exposing customers’ personal data or commercially sensitive information to the prying eyes of unauthorised observers. In the past, this prying may have been regarded as little more than a nuisance; its common name – shoulder surfing – has opportunistic or random connotations that can mask the true severity of today’s threat.
The data-theft business is maturing quickly. Illicit internet sites are known to offer data such as credit card information – as well as bespoke data-theft services – to any bidder. As trends like mobile working and cloud computing become entrenched, organised gangs can view public places as rich fields of information that can be harvested relatively easily with no need for expensive software-hacking skills. Diverse and potentially valuable data is on offer – credit card accounts, social security numbers, company-confidential information, or employee log-in details – that could provide a gateway to deeper corporate resources.
The high quality of today’s camera phones allows criminals to capture images and data easily as they are displayed on the employee’s screen. Their multi-megapixel resolution can provide that apparently benign (if a little irritating) shoulder surfer with images that can be uploaded to a PC and zoomed allowing the data to be read clearly. This data can then be transferred easily to a spreadsheet or word file, for example, and disseminated quickly and easily through cyber-crime channels that are known to be well developed.
Despite these realities, safeguarding displayed data is an under-addressed area in IT security. According to research commissioned by 3M, the technology company, 67 per cent of working professionals had worked with some type of sensitive data outside the office within the past year. Some 57pc said they have at times stopped working on their laptops because of privacy concerns in a public place. Of course, laptops are not the only devices presenting such easily accessible windows into their users’ organisations: the dramatic growth of smart phone and tablet usage provides many additional opportunities for organised criminals to capture sensitive data.
Organisations’ security policies are slow to respond to these issues. Some 70pc of the workers surveyed worked for companies that had no explicit policies covering working outside the office.
Still, key executives appear worryingly content to review confidential sales and personnel records on a laptop in a public place. Despite the fact that people often say they value visual privacy, an experiment carried out as part of the research offered free-of-charge internet kiosks to attendees of a large IT conference, and found that 26pc used them to access corporate email in a location highly visible to attendees passing by
Companies need to take visual security extremely seriously, especially as data-protection legislation continues to develop quickly in response to public concerns over cyber crime. In the USA, 46 states have already passed laws obliging organisations to notify individuals if their data has been compromised. Exposure of even a small number of records – perhaps just a screen’s worth of data captured by a camera phone – may constitute a breach by current standards and could trigger customer notification.
To protect laptop screens from unauthorised viewing and to help achieve data protection compliance, organisations can specify that all employees from the board down install a privacy filter device. Fitting neatly over any laptop or computer screen, privacy filters are designed specifically to allow an unrestricted view for the user but prevents others positioned to the side or viewing over their shoulder from seeing what is on the screen. Devices such as these will deliver optimum results as part of a combination of measures that should also include educating employees about the risks involved with exposing corporate data in public places.
A copy of the Visual Data Breach Risk Assessment Study commissioned by 3M is available for download from http://solutions.3m.com/wps/portal/3M/en_US/SDP/Privacy_Filters/Resources/Eight/
About 3M (UK) plc
The company is exhibiting at Infosecurity Europe 2011, the informatui nsecurity event in Europe held on April 19 to 21, at Earls Court, London. The event provides an education programme and exhibition. For further information visit –
