What is visual data security?
The protection of sensitive, valuable or private information from visual capture.
The Increase in Data Loss
According to IT Security firm Gartner, spending on data security infrastructure will reach $86 billion a year by 2016. This figure is dwarfed by the €750 billion that EUROPOL estimates cyber crime costs annually. Despite spending on fire walls, virus protection and encryption, an alarming amount of data is being lost. Symantec estimated that 84% of UK, German and French businesses suffered a data breach in 2012 – the vast majority of these being preventable.
The Increased Threat Posed by Modern Working Practices
Modern working can increasingly be called mobile working, with employees consistently accessing confidential data on the move and often on their own mobile devices – which now account for 73% of all IT sales. A result of this practical and cultural mobile trend is the constant duplication of data by workers and its removal from secure environments. US figures suggest that 67% of employees access sensitive data outside of secure environments.
Visual Data Security
A consequence of this has been a rapid increase in the both the amount of data that can be lost, and the ways in which such losses can occur. In particular, there has been a marked rise in the amount of information lost by visual data security breaches – where sensitive, valuable and private information has been visually captured – either by one of the 3 billion digital camera phones in circulation, by the billions of high resolution and often unsecured CCTV cameras across the globe or simply, but no less threateningly, by human sight.
Polling conducted by Comres showed that 71% of UK professionals admitted to having read what another person was working on over their shoulder. Similarly, in France, 46% of people polled indicated that they had previously been concerned that confidential information they had worked on might have been overseen
The Impact of a Visual Data Security Breach
Visual Data Security breaches have had serious, entirely preventable consequences, on numerous individuals, governments and corporate organisations. Examples of breaches include:
- The publication of an S&P 500 company’s profit forecasts after a Vice-President was working on the figures during a flight from London to New York whilst sat by a Journalist.
- The capture and publication of sensitive information relating to British Prince William from a photograph of a screen he was working on.
- In the United States the private details of clients displayed on computer screens in a Bank of America office were captured by camera through the bank’s windows by people on the street.
In the UK the British Government is well aware of the threat posed by a visual data breach and takes active measures “to ensure visual data security” and “mitigate the risk of shoulder surfing”. In key Department, “All Staff are made aware of the importance of visual data security during their induction training” and are further required to “undertake annual training in the visual security risk of working in public places”. In addition, the UK Government’s Financial Services Authority places severe fines on organisations that have “failed to mitigate the risks arising from portable media” and has highlighted the threat posed by individuals “taking photographs of customer data on screen” using “high-end mobile phones”. The National Audit Office has also highlighted the need to ensure that “people are not the weakest link” in cyber security and are trained to reduce the UK’s “cyber security skills gap”.
In France, the French Government’s Networks and Information Security Agency has highlighted the changing risks to security and the growth of mobile working and BYOD in particular. It also specifically includes visual data security in its “Advice to Travellers”, where it recommends the use of “screen-protection filters for laptops to prevent bystanders from looking at sensitive documents”. The French Information and Freedom Commission (CNIL) also fines companies which “fail to protect data from distortion or disclosure to unauthorised third parties.”
The European Commission is in the process of implementing new data protection regulations which will oblige all European companies to carry out data protection impact assessments. The new rules will also actively promote privacy enhancing measures for mobile workers.
The Development of Visual Data Security Best Practice in the Private Sector
Given the rise in incidents of data loss from visual data security breaches, and their extremely damaging consequences, an increasing number of organisations have put measures in place to educate and protect their staff. These organisations include:
- Barclays – who use computer privacy screens to protect their computers in branch
- Duncan Lawrie Private Banking – who include visual data security in their staff training
- Google – who equip at risk employees with privacy screens for their laptops.
How to Simply and Effectively Protect your Organisation
Secure’s purpose is to raise awareness of Visual Data Security and reduce the risk of a breach by promoting the adoption of simple practical and behavioural preventative measures including:
- Making employees aware of the need for visual data security during mobile working
- Where necessary utilising computer screen shields to restrict screen display to the user of the device
- Placing computer screens in locations where they cannot be overlooked.
- Not accessing sensitive information in circumstances where it can be easily overlooked
- Giving due consideration to whether information could be overlooked and taking practical, preventative steps should this be the case.