Your Top Data-Exposure Risk: Employees -- Security Today

Your Top Data-Exposure Risk: Employees

Too many IT departments lack policies to help employees protect data

By Jason Cronk
Sep 01, 2018

People are fallible creatures. As the saying goes, nobody’s perfect.

So it should come as no surprise that employees are a top source of data breaches. According to IBM’s latest X-Force cyber-threat report, inadvertent insiders— or people who are unknowingly the root cause of security incidents— were responsible for more than two-thirds of the total records compromised in 2017.1

Certainly, IT departments have worked hard to combat data risks that have a human element, like phishing attacks, but there are other risks that have long gone unaddressed. One of them is the visual display of sensitive data.

You have probably seen someone working in a public place—like a plane, train, coffee shop or hotel lobby—with the contents of their laptop screen on full display for others to see. Such incidents can expose data and result in a data breach that you may never be able to trace back to a time, place or person.

This is why it’s important to understand visual privacy risks and the steps you can take to mitigate them.

Drawing an Audience

The visual display of sensitive information should be a concern for any IT department that gives workers network access outside the office.

Case in point: Almost nine of 10 mobile workers say they’ve experienced someone looking over their shoulder at their laptop in public places, according to a Ponemon Institute study.2

This “shoulder surfing” may be nothing more than random curiosity or it may have malicious intent.

Visual hacking involves capturing or viewing private, sensitive or confidential information for unauthorized use. Any passerby in public places or fellow passenger on public transit could visually hack data shown on a screen with a quick, unnoticed tap of their smartphone. They could even remember or quickly jot down displayed information, like company finances, a customer’s credit-card number or a worker’s network log-in. With high-quality CCTV cameras everywhere, the visual hacker might not even be in the same room.

What You Can Do

Here are four ways that IT and information-security departments can help protect data on screens:

Architect. Designing privacy-friendly systems that minimize the use of sensitive data.

Secure. Hiding sensitive data from potential threats and avoiding unnecessary details.

Supervise. Enforcing policies and procedures for the appropriate use of data, and then demonstrating compliance with them.

Balance. Informing individuals about the collection or use of their data, and giving them some control over that data.

While all four can serve as important controls, supervision is one area where many organizations fall short. Too often, workers simply don’t have guidance for accessing sensitive data in public areas or even protecting visual privacy in the workplace.

Policies should be in place to outline if, when and how mobile workers can access sensitive data on laptops or mobile devices. Policies should also provide guidance for minimizing data exposure when accessing data in public is necessary, such as by angling screens away from public spaces and maintaining a clean workspace.

Of course, data privacy shouldn’t entirely rely on worker behaviors because, again, to err is human. Enforcing policies is hard and demonstrating worker compliance with policies is expensive and timeconsuming. This is why policies need supporting technical measures that provide added protection in instances of employee negligence.

For example, providing privacy filters and requiring their use on all laptop or mobile device screens, including personal devices used for work, supports employees when they forget to angle their screen away from prying eyes. The privacy filter attaches to a device’s screen and blacks out the angled view of onlookers to help reduce the risk of visual hacking.

You can also use location-based access controls to help prevent workers from viewing sensitive data outside the office. You can use practices like data masking to limit the display of sensitive data. There are many opportunities for technology to support policy objectives.

An Expectation of Privacy

We’re in a new era of data protection. Today, amid new regulations like GDPR and fresh stories about data misuse, there are expectations among customers and internal stakeholders alike that companies be better stewards of data.

Strong cyber-security measures can help you meet these expectations, bu policies, procedures and technology that help limit the visual display of sensitive data—especially as it becomes more mobile— can no longer be avoided.

This article originally appeared in the September 2018 issue of Security Today.

HID Signs Agreement to Acquire Calmell Group
07/10/2025
HID and ASSA ABLOY Recognized with Renowned Red Dot Award for Innovative Biometric eGate Design
07/09/2025
Security Industry Association Announces Program for 2025 AcceleRISE Conference
07/07/2025
SIA Opens Applications for 2025 Denis R. Hébert Identity Management Scholarship
07/07/2025
Honeywell Makes Strategic Tuck-in Acquisition of Li-ion Tamer
07/01/2025
Defining SASE at the Largest Consumer Electronics Chain in the Nordics
06/26/2025
Elite Interactive Receives Strategic Investment from CIVC Partners
06/26/2025
ProdataKey’s Emergency Response Integrations: Integrated Access Control Made Easy
06/25/2025

Featured

Industry Embraces Mobile Access, Biometrics and AI

A combination of evolving workplace dynamics, technology innovation and new user expectations is changing how people enter and interact with physical spaces. Access control is at the heart of these changes. Combined with biometrics and AI, mobile access control has become increasingly crucial for deploying entry solutions that are seamless, secure and adaptive to user needs. Read Now
- Access Control
Sustainable Video Solution Delivered for Landmark City of London Office Development

An advanced, end-to-end video solution from IDIS, with a focus on reducing waste and costs, has helped a major office development in the City of London align its security with sustainability objectives. Read Now
- Facility Security
DHS to End ‘Shoes-Off’ Travel Policy

Homeland Security Secretary Kristi Noem announced a new policy today which will allow passengers traveling through domestic airports to keep their shoes on while passing through security screening at TSA checkpoints. Read Now
- Airport Security
AI to Help Resolve Non-Emergency Calls Across Utah and Decrease 911 Caller Wait Times

The Utah Communications Authority (UCA), which oversees the state’s next generation 911 technology services, recently announced that public safety answering points (PSAPs) throughout the state plan to implement Motorola Solutions’ Virtual Response technology to automate the receipt and resolution of 10-digit non-emergency line calls in Utah with the help of AI. Read Now
- Government
Report: 2025 Video Surveillance Market Set to Grow After Small Decline in 2024

Novaira Insights has unveiled its latest report, “World Market for Video Surveillance Hardware and Software – 2025 Edition.” The research indicates that the global market for video surveillance hardware and software experienced a slight decline of 0.3% in 2024. This performance fell short of previous forecasts, primarily due to a significant decrease of 7.8% in the Chinese market. Conversely, the rest of the world saw a growth of 4.9%. The global market for video surveillance equipment was estimated to be worth $25.0 billion in 2024. Read Now
- Video Surveillance

Security Today eNews

Sign up today for essential industry news and product information that can help you stay afloat in the fast-paced world of security.

Email Address*Country*

Please type the letters/numbers you see above.

Webinars

Whitepapers

New Products

Automatic Systems V07

Automatic Systems, an industry-leading manufacturer of pedestrian and vehicle secure entrance control access systems, is pleased to announce the release of its groundbreaking V07 software. The V07 software update is designed specifically to address cybersecurity concerns and will ensure the integrity and confidentiality of Automatic Systems applications. With the new V07 software, updates will be delivered by means of an encrypted file.
HD2055 Modular Barricade

Delta Scientific’s electric HD2055 modular shallow foundation barricade is tested to ASTM M50/P1 with negative penetration from the vehicle upon impact. With a shallow foundation of only 24 inches, the HD2055 can be installed without worrying about buried power lines and other below grade obstructions. The modular make-up of the barrier also allows you to cover wider roadways by adding additional modules to the system. The HD2055 boasts an Emergency Fast Operation of 1.5 seconds giving the guard ample time to deploy under a high threat situation.
Mobile Safe Shield

SafeWood Designs, Inc., a manufacturer of patented bullet resistant products, is excited to announce the launch of the Mobile Safe Shield. The Mobile Safe Shield is a moveable bullet resistant shield that provides protection in the event of an assailant and supplies cover in the event of an active shooter. With a heavy-duty steel frame, quality castor wheels, and bullet resistant core, the Mobile Safe Shield is a perfect addition to any guard station, security desks, courthouses, police stations, schools, office spaces and more. The Mobile Safe Shield is incredibly customizable. Bullet resistant materials are available in UL 752 Levels 1 through 8 and include glass, white board, tack board, veneer, and plastic laminate. Flexibility in bullet resistant materials allows for the Mobile Safe Shield to blend more with current interior décor for a seamless design aesthetic. Optional custom paint colors are also available for the steel frame.