Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

Snooping Represents A Growing Data Breach Threat

Few organizations are addressing the risk caused by outsiders looking at company information on mobile workers' screens, finds a study by 3M.

Who's reading over your shoulder? With more employees now working in public places, for a break from the office or while on the go, 57% said they've had to stop their work because of privacy concerns, and 70% think they'd be more productive if no one else could view what they're working on.

Those findings come from a survey of 800 computer-using professionals, conducted by Luth Research and commissioned by 3M, which manufactures physical privacy filters for PCs and mobile devices.

But is the risk of so-called "visual data breaches" real? Well, snooping is certainly a threat, according to Hugh Thompson, chief security strategist of People Security. "Information revealed on mobile devices outside the workplace now creates a window into a corporation's most confidential data -- whether it is regulated or simply company secrets -- and significantly raises the threat level of visual data breaches."

According to market researcher IDC, 72% of the U.S. workforce is mobile in some capacity, and it expects to see 75% of the workforce mobile by 2013. Meanwhile, according to the 3M survey, half of employees now work outside the office in a high-traffic public area at least one hour per week.

Of course, when on the go, getting things done often requires working with sensitive information. Indeed, according to the survey, 67% of employees work with sensitive information outside of the office, including corporate financial data (said 42% of respondents), customers' credit card numbers (26%), customers' social security numbers (24%), and patients' medical information (15%).

But the study found that 70% of organizations have no security policies relating to working in public places, and 79% have no policy relating to the use of privacy filters.

From a security standpoint, visual privacy still ranks relatively low on the IT radar. According to survey respondents, their organization's current data security practices include virtual private network (VPN) access (46%), disk encryption software (38%), and two-factor authentication (19%). Only 13% of organizations, however, currently use privacy filters.

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/3/2020
'BootHole' Vulnerability Exposes Secure Boot Devices to Attack
Kelly Sheridan, Staff Editor, Dark Reading,  7/29/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-4396
PUBLISHED: 2020-08-04
IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 1...
CVE-2020-4410
PUBLISHED: 2020-08-04
IBM Jazz Foundation and IBM Engineering products could allow an authenticated user to send a specially crafted HTTP GET request to read attachments on the server that they should not have access to. IBM X-Force ID: 179539.
CVE-2020-4459
PUBLISHED: 2020-08-04
IBM Security Verify Access 10.7 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 181395.
CVE-2020-4525
PUBLISHED: 2020-08-04
IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 1...
CVE-2020-4542
PUBLISHED: 2020-08-04
IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-force ID: 1...