The Low-Tech Hack You're Not Prepared For
We’re inundated with terrifying tales of computer hacking. But seldom discussed is the relatively low-tech act of visual hacking: That’s when a snoop sneaks a peek at or photographs your sensitive information. In a Ponemon Institute experiment conducted on behalf of 3M and the Visual Privacy Advisory Council, an undercover hacker posing as a contractor or part-time worker was able to obtain sensitive info (like log-in credentials) 88 percent of the time.
In the Ponemon Institute study, employees did nothing to stop the undercover operative 70 percent of the time. Be sure to inform your staff of the risks of visual hacking, and have them memorize “the three Rs”: 1. Refrain from sharing key customer or business information with others. 2. Remove such information from business forms and documents where possible. 3. Redact the sensitive information that cannot be removed.
Identify places where confidential materials are stored, such as workstations, printer and fax areas or conference room whiteboards. The more public the workspace, the more tightly you’ll want to lock it down. Place shredders or secured waste containers where only authorized personnel can access them. Keep documents out of plain sight by using printers with a “locked print” option (which requires passcode entry upon pickup) and instituting a clean-desk policy.
Protect your screens:
This is going to sound paranoid, but Burks says it’s for real: If you have computer screens in public areas, position them in a way that makes them hard to snoop on, and use password-protected screensavers. Privacy filters (films that block side views of your screen) are your friend, especially on laptops or smartphones that employees use outside the office. And consider where visual hacking and computer hacking can intersect: Check that wi-fi security cameras aren’t aimed at confidential information and are protected by strong passwords.