Consumer and enterprise financial institutions have a non-negotiable obligation to protect internal and customer data at all times — whether it is being stored, transmitted or viewed.
CISOs often focus on traditional methods such as access controls and cybersecurity, while visual controls, like privacy filters, aren’t top of mind. But consider some industry trends and harsh truths that should give pause to anyone who has dismissed the need for stronger physical security measures:
- Companies are creating more open working spaces. For example, financial software developers often work in open floor space or “fishbowls” with other developers. Mortgage loan officers may meet with clients at restaurants or at their desks in the bank lobby. These open spaces allow for improved collaboration and better customer experiences, yet make opportunities for visual hacking easier and more frequent.
- Taking pictures with a phone is no longer conspicuous. 83% of all phones in use are camera phones. Typical mobile users look at their mobile devices 150 times per day!* It’s not hard to snap a picture of a screen, magnify it and transcribe the information, especially as camera technologies grow in sophistication.
- People trust people. For many, we assume positive intent in others — and don’t think colleagues or guests are out to steal information. We trust each other when, in fact, sometimes people are looking to snoop or copy.
To show how easy it is to steal sensitive company information through visual hacking, the Ponemon Institute (on behalf of the Visual Privacy Advisory Council and sponsored by 3M Company) conducted the 3M Visual Hacking Experiment.
The study, which included financial organization participants, found that a white-hat hacker was able to visually hack sensitive company information, such as employee access and log-in credentials, in nearly nine out of ten attempts (88%). That could potentially put a company at risk for a much larger, brand-shattering data breach.
This video shows more, but it supports the concept that visual hacking must be part of a CISO’s insider threat program. The enterprise view must be protected from people who don’t have the right to know.
Some companies are going to extremes — not allowing cell phones or tablets in certain locations and blocking wireless signals from these sensitive areas. At a minimum, get started on your visual privacy policy today and consider using privacy filters to help prevent confidential and sensitive data from being displayed — and potentially visually hacked — in plain sight.
Does your organization have a plan to protect data against visual hacking?
Tell us in the comments below.