Wednesday 1 May 2013

Shoulder Surfing...

Working in IT security, I understand and advocate the importance of PINs and passwords, as well as explaining why they shouldn't be shared.  My 8 year old and 6 year old have computer lessons at school from which they understand the importance of keeping passwords secret. 

On our home PC, I've created profiles for them where they insisted on having passwords and even I as the administrator/father don't know their passwords.  It makes me proud when I try and trick the password out of them, that they won't tell me.

Imagine my surprise when my wife recounts her day, where my 2 year old son was happily playing on the iPad and listening to iTunes.  I tell my wife that my iPad is PIN protected!  I've been "shoulder surfed" by my two year old son!

Not a major problem as I don't keep important information on it, but he can play Angry Birds whenever he wants (and pretty much does)...

 
What if this was a work environment?  It would not be acceptable if this had happened.  In fact, I would suspect someone would get either a verbal or written warning for such a security lapse.  Maybe I have a certain amount of paranoia, but I don't check my email on my mobile when there are people close enough to shoulder surf me.  Not that I have anything that private or personal, but I don't know what's in that email until I open it.
 
The facts around visual security are pretty much as you expect:
  • 80% chance that you've already become a victim of others reading over your shoulder
  • £1.9 million is the average cost to businesses per incident of physical data theft
  • 96% of data breaches in 2010 were avoidable
  • 52% of laptop users in the UK are ignoring visual security issues
  • 67% of working professionals surveyed in the US had worked on some type of sensitive data outside of the office.
Visual security of on-screen data can be a key part of the implementation of ISO 27001.  So if you excuse the reflection, you can see both my laptop and desktop screen when looking at them head on.
 
 
Here is my screen from an angle and slightly above to give the view of a shoulder surfer; you can see my 3M privacy filters working their magic.
 

 
When the view angle exceeds 30 degrees, the screen is protected.  You can also see a notch in the top right allowing these to be removed to give the normal visibility back.
 
e92plus have started distributing the 3M privacy filters and free samples can be requested from here: http://www.securityplusonline.co.uk/3m  

