I recently attended the Ponemon Institute’s Responsible Information Management (RIM) Renaissance Privacy Event. While headlines and discussion continue to focus on cybersecurity, privacy professionals also had good conversations about the basics of visual privacy. Protecting confidential information is a basic privacy principle – and it is easy to overlook the reminders with our mobile and ever-connected work environment.
Let’s start with the basics:
- Visual Privacy: The act of protecting sensitive, confidential, and private information from visual hacking
- Visual Hacking: A low-tech method used to capture sensitive, confidential, and private information for unauthorized use
In a Visual Data Breach Risk Assessment Study, respondents indicated that 67% of employees access sensitive or confidential data in public. 70% of companies indicated that they had no explicit policy on working in public places. 50% of respondents had experienced a violation of visual privacy.
Employees today are connected at all times – phones, tablets, laptops. Access is pervasive 24/7 and that means access is in all types of places. Unauthorized access to confidential information is not limited to consumer data or financial data – it includes your company’s intellectual property and information assets. Even conducting routine email on devices that can be seen by others can put confidential information at risk, if employees are not careful in managing their use of the device. Security and Privacy Training and Awareness programs should adapt and ensure that reminders and policies are in place for employees regardless of where they are conducting their work.
Access is not limited to public places – employees may work from home, where active computer screens or paper documents can be viewed by unauthorized people. Organizations are moving more to open floor plans and that creates the need for broader awareness of the “need to know” concept, if confidential information is more readily visible in office locations.
Tips for success to reduce your risk of visual hacking:
- Review your policies to confirm that you have addressed Visual Privacy requirements, including access in public places
- Enhance your training and awareness program to provide user tips for access on mobile and smart devices
- Conduct a floor walk after hours to confirm adoption of “clean desk” practices
- Conduct a floor walk during office hours with an unknown person and see how much confidential information can be viewed, seen or collected within one hour
- Automate screen saver settings so that screens lock when they are not in use
- Check with IT to see if simple user tips or reminders can be added to screen saver settings
- Create a “Travel Safe” campaign to address access on planes, at hotels, at coffee shops
Protecting confidential information is a basic building block of privacy. Visual Hacking can be prevented, but only if employees increase their privacy awareness of their surroundings and follow basic tips to protect visual privacy. Help employees with reminders so you don’t have to worry about who is shoulder surfing your company’s confidential information.
To learn more about Visual Hacking, check out the Visual Privacy Advisory Council.
Linnea Solem is the Chair of the Shared Assessments Program and is Chief Privacy Officer, Vice President Risk and Compliance for Deluxe Corporation. Linnea is a management professional with 20+ years of financial services experience in the areas of eCommerce, technology, business development, marketing, information practices and risk management. She is a Certified Information Privacy Professional and led Deluxe’s compliance initiatives for Y2K, GLB, Check 21, and Red Flags Legislation. You can connect with Linnea on LinkedIn.
Reposted with permission from Deluxe Blogs