We’ve all heard of travelling light but what about travelling secure?
Business not doing so well? Sales down? Margins are tight? No company would want their competitors or members of the public to know any of this information, but many of us would talk about it or write confidential emails about it in public, without giving it a second thought.
The fact is that ‘shoulder-surfing’ or ‘visual hacking’ is a significant threat to organisational data. This often innocent action isn’t always the first thing that comes to mind when talking about data security but this issue can be just as threatening as hackers trying to obtain organisational data.
It might seem far-fetched to some but think twice the next time you are on the way to an important sales pitch or on your way home after a meeting has gone badly. Overheard conversations and seemingly innocent glances from strangers sat next to you at the content on your screens could be hugely revealing and embarrassing. Particularly if other passengers work in your industry and connect the dots!
It is easy to overlook that we could be gaining access to all kinds of intellectual property, and that, if in the wrong hands, we could end up getting that person in some big trouble.
Better safe than sorry: looking after your data physically
Just last year, Heathrow Airport was hit with a £120,000 data breach fine by the Information Commissioner’s Office over lost USB stick. This initially sounds pretty extreme, but not when you consider that the USB stick in question contained sensitive personal data pertaining to an unconfirmed number of people working at the airport.
Instances like this highlight the critical importance of looking after your data physically.
Organisations across the country are busy focusing on the latest technology products and services to help them prevent against cyber-crime. Meanwhile, physical deterrence remains low on the agenda, despite still having the ability to cause large-scale, high-impact data breaches.
Keep your trade secrets to yourself
Dealing with this issue should be part of the wider conversation about how to defend businesses against sophisticated cyber-attacks. In January 2019, it was announced that over £100m will be invested in funding for cybersecurity research and development in order to combat cyber-attacks threatening businesses. Yet we haven’t perhaps given enough thought to the role of physical device security, when it comes to preventing data breaches.
Word of advice on keeping your data private
There are a number of ways of dealing with this issue that employees and IT managers really need to be aware of. Most obviously, just don’t do it!
However, it is not reasonable nor sensible to stop people working on the go, if you really do have to deal with confidential information on a packed commuter train or on a long-haul business flight then you could also use a privacy screen, which acts as a pretty robust filter for unwanted eyes.
A recent survey by IDC highlighted that the most popular reason UK businesses buy privacy screens is to protect their company image, it is a bigger priority than even data loss or privacy concerns.
While privacy screens don’t come with advanced encryption capabilities, they do restrict the view of onlookers meaning only the person in front of the screen can see what’s on it.
Some may scoff at the use of such screens, but it sure beats handing over confidential IP to competitors. Plus, with data privacy rulings such as GDPR in place, businesses are risking a lot more than just lost intellectual property (IP) should they fail to safeguard customer information.
Keep your data security up to scratch
Although such device loss-focused breaches may not happen so often, or on the same scale as Heathrow’s, as the headline-grabbing incidents we now see on a worryingly regular basis, it doesn’t make them any less important.
It’s very easy to gain access, or just visibility, of critical industry information and data by sitting on a half an hour train journey. Something that leaves many organisations with a hole in their IT security efforts.
For companies to successfully execute an effective security strategy, they need to go beyond simply relying on sophisticated software, and place a greater sense of urgency on physical security, and the growing impact this has on the wider business.
In the same way that large-scale breaches can leave an organisation with damage to not only it’s finances, infrastructure and customer base, exposure of physical security also goes hand-in-hand with reputation. If customer data falls into the wrong hands, they aren’t going to care if it was stolen online or in person, the knock-on-effect of lack of trust will be exactly the same.
With GDPR in place, companies will no longer be able to brush off questions around how and where they are storing customer data and will need to be transparent. Conditions for consent will be strengthened and organisations will be penalised for using long, illegible terms and conditions around data consent.
Businesses need to remember that just as they are making sure viruses are kept at bay, how they protect their data through physical means are equally as important. It is through this holistic approach that organisations can keep their security up to standards.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.