According to a new study on visual hacking by 3M, business travelers around the world need to be paying greater attention to who might be snooping on sensitive company information whenever they venture out of corporate headquarters. As 3M defines it, “visual hacking” is any type of activity that involves inappropriate viewing of information on a computer screen by people standing next to or behind a user. For business travelers, this means that certain locations – such as airport lounges, hotel lobbies, and any form of public transportation (buses, trains, subways) – might be ripe for visual hacking.
Key findings from the 3M report on visual hacking threats for business travelers
The visual hacking study, conducted by SMS Research for 3M, surveyed more than 1,000 business travelers from around the world, including Germany, India, Japan, the UK and the United States. Nearly 8 in 10 business travelers said that visual hacking posed a threat to their organizations. And fully two-thirds (66%) of respondents said that they have noticed someone looking at their screen while in public. In some cases, of course, it might simply be a curious bystander or someone standing nearby who inadvertently glances at an open computer screen. But in other cases, it could be a nefarious hacker or cybercriminal, looking for information (such as passwords or login credentials) that could be used to infiltrate an organization. In fact, business travelers say that up to 1 in 3 corporate data breaches are probably related to visual hacking in one way or another.
The problem, quite simply, is that visual hacking is almost impossible to avoid for many business travelers. According to the 3M study, 75 percent of business travelers display company information on a screen while in an airport or train, and another two-thirds of business travelers display company information while riding a bus or subway. And many more business travelers work in public cafes or other venues where private information is further exposed. Yet, despite the potential for visual hacking to take place in full public view, little seems to be done about it. Only 30 percent of business travelers say that their organizations have fully educated them on how to protect sensitive information.
By far, the riskiest place for visual hacking to take place is public transportation. In an attempt to classify the types of risks involved, the 3M report took a closer look at all of the possible venues where visual hacking might take place for business travelers. Public transportation came in as the No. 1 overall risk, followed by cafes (e.g. a local Starbucks with a public Wi-Fi network), airports and hotel lobbies.
Solutions to the problem of visual hacking
One potential solution, says 3M, is to install a privacy filter on any computer screen being used by business travelers. The classic privacy filter blocks content from unauthorized side or back views. Someone standing over the shoulder of a business traveler, for example, would only see a black screen, and not the sensitive details of a company’s new product launch or competitive strategy. No surprises here, but 3M happens to offer the exact types of privacy filters that might be used by business travelers to protect against visual hacking. This would seem to represent the type of easy, no-nonsense solution that can be universally embraced by just about any organization. But is it enough?
Clearly, organizations need to be doing more to boost their cyber defenses. It might be naive to think that all of the high-profile data breaches of the past few years can be traced back to visual hacking. The reality is that cybercriminals and nefarious hackers are getting more and more sophisticated about how they break into the computer systems of some of the world’s biggest companies. The visual hacking risk is just part of the overall threat matrix faced by companies as hackers develop new methods for obtaining sensitive information. In short, unprotected computer screens might be a weak link on a company’s IT security efforts, but there are plenty of other weak links that might result in confidential information falling into the wrong hands.
Other defenses against visual hacking
Other steps might be taken to protect against visual hacking. For example, senior management might join a visual privacy advisory council to get senior-level buy-in to protect against visual hacking threats. The visual hacking problem is one that must be confronted at the highest level. If, as the 3M visual hacking experiment suggests, 1 in 3 data breaches can be traced back to visual hacking, then this threat needs to be elevated to a C-suite or board-level priority.
Moreover, cyber IT teams need to be doing more than just handing out privacy filters to business travelers headed out to conventions, expos or trade shows. They might work with white hat hackers to develop defenses against visual hacking and prevent data breaches. In addition, they should be cataloging the information types and pieces of information that are most at risk of visual hacking. And, as part of the overall plan for making sure every visual hacked is stopped, they should be educating business travelers about how to confront someone thought to be engaged in visual hacking. As the 3M study showed, most business travelers are unwilling to confront an alleged visual hacker. What could be more stressful, after all, then getting into a public confrontation in the middle of a busy airport or crowded subway train?
The bottom line is that, in 15 minutes or less, visual hackers can walk away with private information displayed on a computer screen and have all the pieces of information (such as login credentials) they need in order to compromise an organization’s computer system. Visual hacking attempts need to be stopped before they can even take place in order to protect sensitive information. For business travelers who might be on the road many days and nights of the year, there is a real incentive to get educated about the potential risks posed by visual hacking.