Do national security agencies overlook visual data?

When Australia announced it was setting up a new cyber security centre earlier this year, computer screens in the Australian Signals Directorate’s (ASD – formerly Digital Signals Directorate, DSD) Cyber Security Operations Centre were clearly visible. Are national security agencies underestimating the threat posed by visual data capture?

There was a media melee when the then-Prime Minister Julia Gillard visited her government’s premier security agency last January. Press and TV crews had been afforded rare access to the facility. Whilst reporting their PM’s words of praise for the agency, her pride in announcing new cyber security initiatives, video crews were able to capture agency computer screens. They are clearly visible on the official news footage.

ASD Cyber security centre

As one commentator recently posted on LinkedIn: “The video … doesn’t appear to show any privacy filters on the screens, despite the high likelihood that at least some of the information normally present is sensitive. Content displayed on the screens for the cameras were nice ‘wall papers’ that I can only assume someone had approved.”.

 

Australia boasts it is the Commonwealth authority on cyber security, yet its 35 Strategies to Mitigate Targeted Cyber Intrusions focus exclusively on high-tech solutions. However, the official government Information Security Manual does refer to the issue, advising agencies to:

  • Prevent unauthorised people from observing systems, in particular, displays and keyboards.” Blinds or drapes should be used where there is potential for observation through windows.
  • Apply privacy filters to the screens of mobile devices, mitigating risks from shoulder surfing.
  • “Ensure personnel are aware not to access or communicate sensitive or classified information in public locations, unless extra care is taken to reduce the chance of being overheard or having the screen of the device observed.”

Perhaps the ASD could re-assert its world infosec leadership by promoting these low-tech, low-cost and low-effort solutions, too. Widening provision of screen privacy filters from mobile to office devices would make a good start.

Posted in Advice, News, Visual Data Security | Tagged , , , , | Leave a comment

Security policy for visual data 2: Identify threats & countermeasures

As described in our previous blog, a well-structured security policy is essential to demonstrate compliance with the regulatory environment. After classifying all the information whose loss could have an impact on personal privacy or the well-being of the company, the organisation needs to identify the threats that could compromise [...] Continue Reading…

Posted in Advice, IT Governance, Visual Data Security | Tagged , , , , , , | Leave a comment

Security policy for visual data 1: Classify your data

A security policy is essential to demonstrate compliance with the regulatory environment. Policies must encompass all the information whose loss could have an impact on personal privacy or the well-being of the company so visual data (printed material, on-screen information, whiteboards) needs to be included.

The first step in establishing [...] Continue Reading…

Posted in News, Visual Data Security | Tagged , | Leave a comment

Don’t let shoulder-surfers make you the ‘HMRC of Visual Data Capture’

Better tablet displays and improvements in smartphone cameras make organisations increasingly vulnerable to data breaches through unauthorised visual data capture. Wendy Goucher, Senior Information Security Consultant at Idrach, reveals just how good the latest smartphones are at capturing data from hi-res tablet screens. Her prediction? The threat from shoulder-surfers [...] Continue Reading…

Posted in Idrach, Research, Visual Data Security | Tagged , , , , , | Leave a comment

New survey highlights risk from ‘commuter snoopers’

Nearly three-quarters of office workers shoulder surf their neighbours on the way to and from work. Trains and planes are top locations for ‘commuter snooping’.

New research from storage and information management company Iron Mountain reveals that 72 per cent of the UKs office commuters are looking over the shoulder [...] Continue Reading…

Posted in News, Survey, Visual Data Security | Tagged , , , , , | Leave a comment

Not all screen privacy filters are equal

One of the simplest, most cost-effective ways to improve data security is to fit your computer screens with privacy filters. These are relatively low-cost items, but not all are created equal.

Effectiveness of screen privacy filters depends on how well they prevent unauthorised persons from viewing the display, and the [...] Continue Reading…

Posted in 3M, Hypertec, Visual Data Security | Leave a comment

Shoulder surfing incidents must be reported

Many data breaches go unreported; however, since 25 August telecom providers and ISPs have had a duty to declare unauthorised access to customer data within 24 hours. There is no threshold for how serious the breach must be – all must be notified, however trivial. For example, if someone [...] Continue Reading…

Posted in News, Visual Data Security | Tagged , , | Leave a comment

Will new office portables be safe from shoulder surfers?

Websites like PCSTATS and Notebookcheck demonstrate ever-improving viewability by including horizontal and vertical side views of displays in their reviews. (image: www.notebookcheck.net)

New display technologies are brighter, larger, easier to read, more comfortable to use and easier to share with a colleague – but every one [...] Continue Reading…

Posted in News, Visual Data Security | Leave a comment

Keeping our finances secure

Financial services companies face unlimited fines under UK law for data security breaches – so need to take visual data security particularly seriously.

Our personal and business finances are particularly sensitive, why which is why financial services firms are subject to an additional regulatory framework overlaying the data protection laws [...] Continue Reading…

Posted in News, Visual Data Security | Tagged , , | Leave a comment

3M study reveals French concerns about shoulder surfing

Survey shows nearly half of French adults are concerned about visual data security; almost two fifths have been able to read others’ confidential information.

Diversified technology company 3M and Secure, the European Association for Visual Data Security, today announced the results of a new survey entitled “Data Security In France”, [...] Continue Reading…

Posted in 3M, Survey, Visual Data Security | Tagged , , | Leave a comment